SECURITY: Ensure _forum_session cookies cannot be reused between site… (PR #14949)

…s (stable)

This only affects multisite Discourse instances (where multiple forums are served from a single application server). The vast majority of self-hosted Discourse forums do not fall into this category.

On affected instances, this vulnerability could allow encrypted session cookies to be re-used between sites served by the same application instance.

GitHub