testsession/start now includes a comment of the form <!-- SUCCESS: DBNAME=DatabaseName -->,
which can be used by behat and other consumers to validate that the tesession was actually
started.
It's included the database name in its output, which is a small piece of information
disclosure, but not a big deal compared to the generally dev-only nature of this module.
It requires a fix to Cookie::set(), to ensure that set cookies also apperar immediately
in $_COOKIE. Otherwise the call to DB::get_alternative_database_name() after it is set
won't return a value.
Otherwise we'll get into a catch22 if it's not set:
The manifest includes this _config.php, which in turn
throws a fatal exception on the token not existing.
It would be recreated a couple of lines further down in Core.php
when the ConfigManifest is pushed, but never gets this far.
