FIX: Strip `discourse-logged-in` header during `force_anonymous!` (PR #14533)

When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained.

When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ‘logged out’, and a discourse-logged-out header is returned to the client. This causes the JS app to popup a “you were logged out” modal, which is very disruptive.

This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.

GitHub