From dc91bfd7dfd8d61a053e01bbafe69286e3e880c4 Mon Sep 17 00:00:00 2001
From: Oleg Andreyev <oleg@andreyev.lv>
Date: Fri, 19 Apr 2019 19:59:08 +0300
Subject: [PATCH] #21571 updated "Authentication Success and Failure Events"
 section

---
 components/security/authentication.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/security/authentication.rst b/components/security/authentication.rst
index 9430808c825..ddf2ec3b993 100644
--- a/components/security/authentication.rst
+++ b/components/security/authentication.rst
@@ -289,9 +289,9 @@ Authentication Success and Failure Events
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 When a provider authenticates the user, a ``security.authentication.success``
-event is dispatched. But beware - this event will fire, for example, on *every*
-request if you have session-based authentication. See ``security.interactive_login``
-below if you need to do something when a user *actually* logs in.
+event is dispatched. But beware - this event may fire, for example, on *every*
+request if you have session-based authentication, if ``always_authenticate_before_granting`` is enabled or if token is not authenticated before AccessListener is invoked.
+See ``security.interactive_login`` below if you need to do something when a user *actually* logs in.
 
 When a provider attempts authentication but fails (i.e. throws an ``AuthenticationException``),
 a ``security.authentication.failure`` event is dispatched. You could listen on