Under which category would you file this issue?
Airflow Core
Apache Airflow version
3.2.0
What happened and how to reproduce it?
We upgraded to Airflow 3.2 to resolve a vulnerability, and I was unable to reset one of my coworker's passwords. I got a generic error in the UI. I pasted the error from the logs below.
I needed to truncate the session table, and then I was able to reset my coworker's password successfully.
ssh <server> 'docker exec <CONTAINER_NAME> psql -U ${AIRFLOW_VAR_POSTGRES_USER} -d ${AIRFLOW_VAR_POSTGRES_DB} -c "TRUNCATE TABLE session;"'
2026-04-17T12:31:07.428285Z [error ] Exception on /resetpassword/form [POST] [airflow.providers.fab.www.app] loc=app.py:1744
Traceback (most recent call last):
  File "/home/airflow/.local/lib/python3.12/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/flask_appbuilder/security/decorators.py", line 170, in wraps
    return f(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/flask_appbuilder/views.py", line 101, in this_form_post
    response = self.form_post(form)
               ^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/flask_appbuilder/security/views.py", line 121, in form_post
    self.appbuilder.sm.reset_password(pk, form.password.data)
  File "/home/airflow/.local/lib/python3.12/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 565, in reset_password
    self.reset_user_sessions(user)
  File "/home/airflow/.local/lib/python3.12/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 589, in reset_user_sessions
    session_details = interface.serializer.decode(want_bytes(s.data))
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/airflow/.local/lib/python3.12/site-packages/airflow/providers/fab/www/session.py", line 35, in loads
    return decoder.decode(data)
           ^^^^^^^^^^^^^^^^^^^^
msgspec.DecodeError: MessagePack data is malformed: trailing characters (byte 1)
What you think should happen instead?
I think this has to do with the session serializer changing from Airflow 3.1.8 to 3.2.0. The session table should be cleared automatically when migrating, or the error message in the UI should at least say "clear the sessions", or something.
Operating System
rhel 8.6
Deployment
Docker-Compose
Apache Airflow Provider(s)
No response
Versions of Apache Airflow Providers
apache-airflow==3.2.0
apache-airflow-client==3.1.3
apache-airflow-providers-amazon==9.22.0
apache-airflow-providers-celery==3.15.0
apache-airflow-providers-common-compat==1.14.3
apache-airflow-providers-common-io==1.7.2
apache-airflow-providers-common-sql==1.34.0
apache-airflow-providers-fab==3.6.1
apache-airflow-providers-ftp==3.14.0
apache-airflow-providers-http==6.0.0
apache-airflow-providers-imap==3.10.0
apache-airflow-providers-postgres==6.5.0
apache-airflow-providers-sftp==5.5.0
apache-airflow-providers-smtp==2.4.5
apache-airflow-providers-snowflake==6.7.0
apache-airflow-providers-sqlite==4.2.0
apache-airflow-providers-ssh==4.2.0
apache-airflow-providers-standard==1.12.3
Official Helm Chart version
Not Applicable
Kubernetes Version
Not Applicable
Helm Chart configuration
No response
Docker Image customizations
FROM docker.io/apache/airflow:3.2.0-python3.12
USER root
RUN apt-get update && \
    apt-get install -y \
        bash \
        git \
        build-essential \
        gcc \
        libffi-dev \
        musl-dev \
        libpq-dev \
        xmlsec1 \
        postgresql
# disable strict host key checking for ssh to support saspy
RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
USER airflow
# set dontwritebytecode to prevent __pycache__ directories
# we don't need them in the container, and it is making things bloat
ENV PYTHONDONTWRITEBYTECODE=1
COPY requirements/production.txt .
# use --no-compile to prevent .pyc files from being created
# use --no-cache-dir to prevent pip from caching the downloaded packages
# both of these are to save space / prevent bloat in the container
RUN pip install -r production.txt --no-compile --no-cache-dir
COPY plugins /opt/airflow/plugins
COPY dags /opt/airflow/dags
Anything else?
No response
Are you willing to submit PR?
Code of Conduct
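The traceback above shows the password reset aborting because one stored session row would not decode. As an added example (not code from this issue or from Airflow), here is a reset routine that deletes rows it cannot decode instead of raising, run against a constructed SQLite `session` table. The `id` column, the `_user_id` key, the sample rows and the small stand-in decoder (fixint, fixstr and fixmap only) are assumptions.

```python
import sqlite3

def _value(buf, i):
    """Decode one MessagePack value at buf[i]; return (value, next_index)."""
    if i >= len(buf):
        raise ValueError("input data was truncated")
    b = buf[i]
    if b <= 0x7F:                                  # positive fixint
        return b, i + 1
    if 0xA0 <= b <= 0xBF:                          # fixstr, length in low 5 bits
        end = i + 1 + (b & 0x1F)
        if end > len(buf):
            raise ValueError("input data was truncated")
        return buf[i + 1:end].decode("utf-8"), end
    if 0x80 <= b <= 0x8F:                          # fixmap, pair count in low 4 bits
        out, i = {}, i + 1
        for _ in range(b & 0x0F):
            key, i = _value(buf, i)
            out[key], i = _value(buf, i)
        return out, i
    raise ValueError(f"unsupported type byte {b:#04x}")

def decode(buf):
    """Strict decode: exactly one value, with no bytes left over."""
    value, end = _value(buf, 0)
    if end != len(buf):
        raise ValueError(f"trailing characters (byte {end})")
    return value

def reset_user_sessions(db, user_id):
    """Delete the user's sessions and any row that cannot be inspected."""
    removed = {"user": 0, "undecodable": 0}
    for row_id, data in db.execute("SELECT id, data FROM session").fetchall():
        try:
            details = decode(bytes(data))
            kind = "user" if details.get("_user_id") == str(user_id) else None
        except (ValueError, TypeError, AttributeError):
            kind = "undecodable"       # owner unknown, so it cannot be ruled out
        if kind:
            db.execute("DELETE FROM session WHERE id = ?", (row_id,))
            removed[kind] += 1
    db.commit()
    return removed

def sample_db():
    """Constructed table: two MessagePack rows and one row in another format."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE session (id INTEGER PRIMARY KEY, data BLOB)")
    rows = [b"\x81\xa8_user_id\xa17", b"\x81\xa8_user_id\xa19", b'{"_user_id": "7"}']
    db.executemany("INSERT INTO session (data) VALUES (?)", [(r,) for r in rows])
    return db
```

In MessagePack the leading `{` (0x7b) of the constructed third row is a complete one-byte integer, so a strict decoder reports trailing data at byte 1.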