@@ -290,7 +290,9 @@ and ``/_wdt``.
290290
291291All *real * URLs are handled by the ``main `` firewall (no ``pattern `` key means
292292it matches *all * URLs). But this does *not * mean that every URL requires authentication.
293- Nope, thanks to the ``anonymous `` key, this firewall *is * accessible anonymously.
293+ It is useful to let users be authenticated as anonymous. It means any request
294+ can have an anonymous token to access some resource, while some actions can require
295+ some privileges.
294296
295297In fact, if you go to the homepage right now, you *will * have access and you'll see
296298that you're "authenticated" as ``anon. ``. Don't be fooled by the "Yes" next to
@@ -300,8 +302,20 @@ you are anonymous:
300302..image ::/_images/security/anonymous_wdt.png
301303:align: center
302304
305+ It will also allow a request to access a form login without being authenticated as a
306+ unique user (otherwise an infinite redirection loop would happen asking the user to
307+ authenticate while trying to doing so).
303308You'll learn later how to deny access to certain URLs or controllers.
304309
310+ ..note ::
311+
312+ The "lazy" anonymous mode prevent the session from being started if there is
313+ no need for authorization (i.e explicit check for a user privilege).
314+
315+ ..versionadded ::4.4
316+
317+ The "lazy" anonymous mode has been introduced in Symfony 4.4.
318+
305319..note ::
306320
307321 If you do not see the toolbar, install the:doc: `profiler </profiler >` with: