@@ -279,10 +279,6 @@ important section is ``firewalls``:
279279 ],
280280 ]);
281281
282- versionadded ::4.4
283-
284- The ``anonymous: lazy `` option was introduced in Symfony 4.4.
285-
286282
287283*how * your users will be able to authenticate (e.g. login form, API token, etc).
288284
@@ -293,18 +289,40 @@ accidentally block Symfony's dev tools - which live under URLs like ``/_profiler
293289and ``/_wdt ``.
294290
295291All *real * URLs are handled by the ``main `` firewall (no ``pattern `` key means
296- it matches *all * URLs). But this does *not * mean that every URL requires authentication.
297- Nope, thanks to the ``anonymous `` key, this firewall *is * accessible anonymously.
298-
299- In fact, if you go to the homepage right now, you *will * have access and you'll see
300- that you're "authenticated" as ``anon. ``. Don't be fooled by the "Yes" next to
301- Authenticated. The firewall verified that it does not know your identity, and so,
302- you are anonymous:
292+ it matches *all * URLs).
293+ A firewall can have many modes of authentication, in other words many way to
294+ ask the question "Who are you?".
295+ It is convenient to first let users answer "I'm no one in particular, just a
296+ visitor as any other", this mode is ``anonymous ``.
297+ It means any request can have an anonymous token to access some resource,
298+ while some actions (i.e. see other pages or buttons) can still require
299+ some privileges.
300+
301+ In fact, if you go to the homepage right now, you *will * have access and you'll
302+ see that you're "authenticated" as ``anon. ``. Don't be fooled by the "Yes" next
303+ to ``Authenticated ``. The firewall verified that it does not know your
304+ identity, and so, you are anonymous:
303305
304306..image ::/_images/security/anonymous_wdt.png
305307:align: center
306308
307- You'll learn later how to deny access to certain URLs or controllers.
309+ It will also allow a request to access a form login without being authenticated
310+ as a unique user (otherwise an infinite redirection loop would happen asking
311+ the user to authenticate while trying to doing so).
312+
313+ You'll learn later how to deny access to certain URLs, controllers, or part of
314+ templates.
315+
316+ ..note ::
317+
318+ The ``lazy `` anonymous mode prevent the session from being started if there is
319+ no need for authorization (i.e. explicit check for a user privilege).
320+ This is important to keep requests cacheable
321+ (see:ref: `HTTP cache <http_cache >`.
322+
323+ ..versionadded ::4.4
324+
325+ The ``lazy `` anonymous mode has been introduced in Symfony 4.4.
308326
309327..note ::
310328