[1.8.x] Fixed incorrect session.flush() in cached_db session backend.

      This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.