diff --git src/wp-admin/js/customize-controls.js src/wp-admin/js/customize-controls.js
index bd48ebe652..2d13952a42 100644
--- src/wp-admin/js/customize-controls.js
+++ src/wp-admin/js/customize-controls.js
@@ -7775,9 +7775,6 @@
 				if ( ! api.state( 'activated' ).get() ) {
 					params.customize_theme = api.settings.theme.stylesheet;
 				}
-				if ( api.settings.changeset.autosaved || ! api.state( 'saved' ).get() ) {
-					params.customize_autosaved = 'on';
-				}
 
 				urlParser.search = $.param( params );
 				return urlParser.href;
diff --git src/wp-includes/class-wp-customize-manager.php src/wp-includes/class-wp-customize-manager.php
index 607349b04a..47c36487a1 100644
--- src/wp-includes/class-wp-customize-manager.php
+++ src/wp-includes/class-wp-customize-manager.php
@@ -1130,7 +1130,7 @@ final class WP_Customize_Manager {
 		if ( ! $changeset_post_id ) {
 			$this->_changeset_data = array();
 		} else {
-			if ( $this->autosaved() ) {
+			if ( $this->autosaved() && is_user_logged_in() ) {
 				$autosave_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() );
 				if ( $autosave_post ) {
 					$data = $this->get_changeset_post_data( $autosave_post->ID );
@@ -2873,10 +2873,12 @@ final class WP_Customize_Manager {
 				$post_array['edit_date'] = true; // Prevent date clearing.
 				$r = wp_update_post( wp_slash( $post_array ), true );
 
-				// Delete autosave revision when the changeset is updated.
-				$autosave_draft = wp_get_post_autosave( $changeset_post_id, get_current_user_id() );
-				if ( $autosave_draft ) {
-					wp_delete_post( $autosave_draft->ID, true );
+				// Delete autosave revision for user when the changeset is updated.
+				if ( ! empty( $args['user_id'] ) ) {
+					$autosave_draft = wp_get_post_autosave( $changeset_post_id, $args['user_id'] );
+					if ( $autosave_draft ) {
+						wp_delete_post( $autosave_draft->ID, true );
+					}
 				}
 			}
 		} else {
@@ -3496,6 +3498,11 @@ final class WP_Customize_Manager {
 			wp_send_json_error( 'invalid_nonce', 403 );
 		}
 
+		// Calls to dismiss_user_auto_draft_changesets() and wp_get_post_autosave() require non-zero get_current_user_id().
+		if ( ! is_user_logged_in() ) {
+			wp_send_json_error( 'not_authenticated', 401 );
+		}
+
 		$changeset_post_id = $this->changeset_post_id();
 		$dismiss_lock = ! empty( $_POST['dismiss_lock'] );
 		$dismiss_autosave = ! empty( $_POST['dismiss_autosave'] );
@@ -4543,7 +4550,9 @@ final class WP_Customize_Manager {
 		$changeset_post_id = $this->changeset_post_id();
 		if ( ! $this->saved_starter_content_changeset && ! $this->autosaved() ) {
 			if ( $changeset_post_id ) {
-				$autosave_revision_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() );
+				if ( is_user_logged_in() ) {
+					$autosave_revision_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() );
+				}
 			} else {
 				$autosave_autodraft_posts = $this->get_changeset_posts( array(
 					'posts_per_page' => 1,