Add path to cookie

I tested the change and it’s safe. Sessions aren’t invalidated. I committed the change today.

Serving multiple Discourse instances from different paths on the same domain will most likely work now, but note that the instances can’t be served from one multisite setup. Multisite is still keyed off of domain, not path.