diff --git a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
index a5736aecd800c..7317967125e1f 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -79,6 +79,17 @@ public function supports(Request $request): ?bool
 return false;
 }
 
+ // do not overwrite already stored tokens from the same user (i.e. from the session)
+ $token = $this->tokenStorage->getToken();
+
+ if ($token instanceof PreAuthenticatedToken && $this->firewallName === $token->getFirewallName() && $token->getUserIdentifier() === $username) {
+ if (null !== $this->logger) {
+ $this->logger->debug('Skipping pre-authenticated authenticator as the user already has an existing session.', ['authenticator' => static::class]);
+ }
+
+ return false;
+ }
+
 $request->attributes->set('_pre_authenticated_username', $username);
 
 return true;
diff --git a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
index 46454e6aaf86a..d1322ec4a3164 100644
--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
@@ -13,6 +13,7 @@ use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
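Review bot: The skip in the new `if` only fires when the raw value extractUsername() produced is byte-identical to the identifier of the user held by the stored token, and nothing in the hunk guarantees those agree when the user provider canonicalizes identifiers (case folding, trimming, mapping a certificate DN to an e-mail); in that case the branch is dead and the authenticator keeps re-running on every request, which is the previous behaviour and therefore safe, but it deserves a sentence in the comment. I would extend it to `// do not overwrite already stored tokens from the same user (i.e. from the session); the raw extracted username must match the stored user's identifier exactly, so providers that canonicalize identifiers never take this shortcut`. Keeping the lookup after the existing `return false;` visible at the top of the hunk is the right order, since a request with no extractable identity never reaches the comparison and the stored token is consulted only once the request has presented one; the rest of supports() is outside the hunk.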
@@ -37,6 +38,17 @@ public function testSupportNoUser()
 $this->assertFalse($authenticator->supports($this->createRequest([])));
 }
 
+ public function testSupportTokenStorageWithToken()
+ {
+ $tokenStorage = new TokenStorage();
+ $tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'main'));
+
+ $authenticator = new RemoteUserAuthenticator(new InMemoryUserProvider(), $tokenStorage, 'main');
+
+ $this->assertFalse($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));
+ $this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'another_username'])));
+ }
+
 /**
 * @dataProvider provideAuthenticators
 */
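Review bot: testSupportTokenStorageWithToken() only exercises the user-identifier comparison, so a regression that dropped the firewall-name or the PreAuthenticatedToken instance condition from supports() would still pass; both conditions are cheap to pin in the same test. I would add, after the existing assertions, `$tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'other'));` followed by `$this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));`, and a similar case with a token of another class in storage to show the same user is still (re)authenticated there. createRequest() and provideAuthenticators are defined outside the hunk.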