diff --git a/core/modules/user/src/Authentication/Provider/Cookie.php b/core/modules/user/src/Authentication/Provider/Cookie.php
index aea58f6..0a8551c 100644
--- a/core/modules/user/src/Authentication/Provider/Cookie.php
+++ b/core/modules/user/src/Authentication/Provider/Cookie.php
@@ -134,8 +134,10 @@ class Cookie implements AuthenticationProviderInterface, EventSubscriberInterfac
         $options = UrlHelper::parse($url);
         $options['query']['check_logged_in'] = '1';
         $url = $options['path'] . '?' . UrlHelper::buildQuery($options['query']);
-        if (!empty($options['#fragment'])) {
-          $url .= '#' . $options['#fragment'];
+        if (isset($options['fragment'])) {
+          if (($fragment = trim($options['fragment'])) != '') {
+            $url .= '#' . $fragment;
+          }
         }
         // In the case of trusted redirect, we have to update the list of
         // trusted URLs because here we've just modified its target URL