@@ -281,7 +281,7 @@ important section is ``firewalls``:
281281
282282versionadded ::4.4
283283
284- The ``anonymous: lazyoption was introduced in Symfony 4.4.
284+ The ``lazy ``anonymous mode has been introduced in Symfony 4.4.
285285
286286A "firewall" is your authentication system: the configuration below it defines
287287*how * your users will be able to authenticate (e.g. login form, API token, etc).
@@ -293,18 +293,34 @@ accidentally block Symfony's dev tools - which live under URLs like ``/_profiler
293293and ``/_wdt ``.
294294
295295All *real * URLs are handled by the ``main `` firewall (no ``pattern `` key means
296- it matches *all * URLs). But this does *not * mean that every URL requires authentication.
297- Nope, thanks to the ``anonymous `` key, this firewall *is * accessible anonymously.
296+ it matches *all * URLs).
297+ A firewall can have many modes of authentication, in other words many ways to
298+ ask the question "Who are you?".
299+ It is convenient to first let users answer "I'm no one in particular, just a
300+ visitor as any other", this mode is ``anonymous ``.
298301
299- In fact, if you go to the homepage right now, you *will * have access and you'll see
300- that you're "authenticated" as ``anon. ``. Don't be fooled by the "Yes" next to
301- Authenticated. The firewall verified that it does not know your identity, and so,
302- you are anonymous:
302+ In fact, if you go to the homepage right now, you *will * have access and you'll
303+ see that you're "authenticated" as ``anon. ``. The firewall verified that it
304+ does not know your identity, and so, you are anonymous:
303305
304306..image ::/_images/security/anonymous_wdt.png
305307:align: center
306308
307- You'll learn later how to deny access to certain URLs or controllers.
309+ It means any request can have an anonymous token to access some resource, while
310+ some actions (i.e. some pages or buttons) can still require some privileges.
311+ A request can then access a form login without being authenticated as a unique
312+ user (otherwise an infinite redirection loop would happen asking the user to
313+ authenticate while trying to doing so).
314+
315+ You'll learn later how to deny access to certain URLs, controllers, or part of
316+ templates.
317+
318+ ..note ::
319+
320+ The ``lazy `` anonymous mode prevent the session from being started if there is
321+ no need for authorization (i.e. explicit check for a user privilege).
322+ This is important to keep requests cacheable
323+ (see:ref: `HTTP cache <http_cache >`.
308324
309325..note ::
310326