Update to drupal 8.0.0-rc1. For more information, see https://www.drupal.org/node/2582663

core/lib/Drupal/Core/Session/AccountInterface.php

@@ -106,22 +106,49 @@ interface AccountInterface {
   public function getPreferredAdminLangcode($fallback_to_default = TRUE);
 
   /**
-   * Returns the username of this account.
+   * Returns the unaltered login name of this account.
+   *
+   * @return string
+   *   An unsanitized plain-text string with the name of this account that is
+   *   used to log in. Only display this name to admins and to the user who owns
+   *   this account, and only in the context of the name used to login. For
+   *   any other display purposes, use
+   *   \Drupal\Core\Session\AccountInterface::getDisplayName() instead.
+   *
+   * @deprecated in Drupal 8.0.0, will be removed before Drupal 9.0.0.
+   *   Use \Drupal\Core\Session\AccountInterface::getAccountName() or
+   *   \Drupal\user\UserInterface::getDisplayName() instead.
+   */
+  public function getUsername();
+
+  /**
+   * Returns the unaltered login name of this account.
+   *
+   * @return string
+   *   An unsanitized plain-text string with the name of this account that is
+   *   used to log in. Only display this name to admins and to the user who owns
+   *   this account, and only in the context of the name used to login. For
+   *   any other display purposes, use
+   *   \Drupal\Core\Session\AccountInterface::getDisplayName() instead.
+   */
+  public function getAccountName();
+
+  /**
+   * Returns the display name of this account.
    *
    * By default, the passed-in object's 'name' property is used if it exists, or
-   * else, the site-defined value for the 'anonymous' variable. However, a module
-   * may override this by implementing
+   * else, the site-defined value for the 'anonymous' variable. However, a
+   * module may override this by implementing
    * hook_user_format_name_alter(&$name, $account).
    *
    * @see hook_user_format_name_alter()
    *
-   * @return
-   *   An unsanitized string with the username to display. The code receiving
-   *   this result must ensure that \Drupal\Component\Utility\SafeMarkup::checkPlain()
-   *   is called on it before it is
-   *   printed to the page.
+   * @return string|\Drupal\Component\Render\MarkupInterface
+   *   Either a string that will be auto-escaped on output or a
+   *   MarkupInterface object that is already HTML escaped. Either is safe
+   *   to be printed within HTML fragments.
    */
-  public function getUsername();
+  public function getDisplayName();
 
   /**
    * Returns the email address of this account.

core/lib/Drupal/Core/Session/AccountProxy.php

@@ -119,7 +119,21 @@ class AccountProxy implements AccountProxyInterface {
    * {@inheritdoc}
    */
   public function getUsername() {
-    return $this->getAccount()->getUsername();
+    return $this->getAccountName();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getAccountName() {
+    return $this->getAccount()->getAccountName();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getDisplayName() {
+    return $this->getAccount()->getDisplayName();
   }
 
   /**

core/lib/Drupal/Core/Session/SessionHandler.php

@@ -63,7 +63,7 @@ class SessionHandler extends AbstractProxy implements \SessionHandlerInterface {
     if (!empty($sid)) {
       // Read the session data from the database.
       $query = $this->connection
-        ->queryRange('SELECT session FROM {sessions} WHERE sid = :sid', 0, 1, ['sid' => Crypt::hashBase64($sid)]);
+        ->queryRange('SELECT session FROM {sessions} WHERE sid = :sid', 0, 1, [':sid' => Crypt::hashBase64($sid)]);
       $data = (string) $query->fetchField();
     }
     return $data;

core/lib/Drupal/Core/Session/UserSession.php

@@ -42,7 +42,7 @@ class UserSession implements AccountInterface {
    *
    * @var string
    */
-  public $name;
+  public $name = '';
 
   /**
    * The preferred language code of the account.
@@ -160,6 +160,20 @@ class UserSession implements AccountInterface {
    * {@inheritdoc}
    */
   public function getUsername() {
+    return $this->getAccountName();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getAccountName() {
+    return $this->name;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getDisplayName() {
     $name = $this->name ?: \Drupal::config('user.settings')->get('anonymous');
     \Drupal::moduleHandler()->alter('user_format_name', $name, $this);
     return $name;