diff --git a/core/lib/Drupal/Core/Session/SessionConfiguration.php b/core/lib/Drupal/Core/Session/SessionConfiguration.php
index 8d83eef20c..f59913ee46 100644
--- a/core/lib/Drupal/Core/Session/SessionConfiguration.php
+++ b/core/lib/Drupal/Core/Session/SessionConfiguration.php
@@ -92,8 +92,11 @@ protected function getUnprefixedName(Request $request) {
 $session_name = $this->options['cookie_domain'];
 }
 else {
- // Otherwise use $base_url as session name, without the protocol
- // to use the same session identifiers across HTTP and HTTPS.
+ // Otherwise use base URL as session name, without the protocol
+ // to use the same session identifiers across HTTP and HTTPS. Hash salt
+ // is required to clearly distinguish between different website code
+ // bases for example Drupal 7 to Drupal 8 upgrade with the same host and
+ // base path.
 $session_name = $request->getHost() . $request->getBasePath() . Settings::getHashSalt();
 // Replace "core" out of session_name so core scripts redirect properly,
 // specifically install.php.
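Review bot: The expanded comment in the `else` branch explains why the hash salt is appended but does not say that `Settings::getHashSalt()` is a secret, so a reader cannot tell that the string built on the following `$session_name = ...` line must never be emitted as-is. getUnprefixedName() continues past the end of the hunk, so whether the result is hashed before it becomes a cookie name is not visible here; if it is, the comment should state that, for example `// The hash salt is secret: this value is only ever used as hash input.` It is also worth noting there that changing the hash salt changes the session name, which presumably orphans existing session cookies. Minor wording: `// bases, for example a Drupal 7 to Drupal 8 upgrade with the same host and`.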