When the user sets up the database in the setup wizard, the database configuration is temporarily stored in cookies. The cookie is deleted after the setup is finished or when the browser is closed, but, still, it's not a good idea to store sensitive information in cookies. We should use sessions instead.

This must be fixed in 2.4 only.