CVE-2023-40273: Session fixation in Apache Airflow web interface

Disclosed: 2023-09-04 02:45:34 By leixiao To ibb
Low
Vulnerability Details
When I reset the password of the test user through the Reset Password button, I hope that the person who previously had the password of the test user will lose the corresponding authority. However, if others have logged in as the test user before, they can still use the account.

In short, changing the user's password wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Impact

The session fixation vulnerability allowed the authenticated user to continue accessing the Airflow webserver even after the password of the user had been reset by the admin - up until the expiry of the session of the user.
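The fix for this class of bug is to make a session depend on more than its expiry: each session records the "password generation" of the account at login time, and a password reset bumps that counter so every older session fails validation on its next request. The following is an added example written for this page, not Airflow's own code; it uses a constructed in-memory user table and session store (`User`, `SessionStore`, `reset_password` are hypothetical names) and shows the expiry-only check the report describes next to the generation-bound check that revokes stale sessions.

```python
import secrets
from dataclasses import dataclass


# Constructed stand-ins for a web app's user table and server-side session
# store (example code only, not Airflow's implementation).
@dataclass
class User:
    username: str
    password_hash: str             # placeholder; a real app stores a salted hash
    password_generation: int = 0   # incremented on every password change/reset


@dataclass
class Session:
    session_id: str
    username: str
    password_generation: int       # generation of the account when it logged in
    expires_at: float


class SessionStore:
    def __init__(self, ttl_seconds: float = 3600.0):
        self.ttl = ttl_seconds
        self.sessions: dict[str, Session] = {}

    def login(self, user: User, now: float) -> str:
        """Create a session bound to the user's current password generation."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(sid, user.username,
                                     user.password_generation, now + self.ttl)
        return sid

    def is_valid_naive(self, sid: str, now: float) -> bool:
        """Expiry-only check: the behaviour the report describes.

        A session created before a password reset keeps working until it
        times out, because nothing ties it to the credential it was issued for.
        """
        s = self.sessions.get(sid)
        return s is not None and now < s.expires_at

    def is_valid_hardened(self, sid: str, users: dict, now: float) -> bool:
        """Expiry check plus password-generation check.

        If the account's generation moved on since login, the session is
        stale: it is dropped from the store and the request is rejected.
        """
        s = self.sessions.get(sid)
        if s is None or now >= s.expires_at:
            return False
        user = users.get(s.username)
        if user is None or user.password_generation != s.password_generation:
            self.sessions.pop(sid, None)   # revoke the stale session
            return False
        return True


def reset_password(user: User, new_hash: str) -> None:
    """Store the new credential and invalidate every existing session."""
    user.password_hash = new_hash
    user.password_generation += 1


def demo() -> dict:
    """Walk through login -> admin reset -> re-check, returning each outcome."""
    users = {"test": User("test", "hash-v1")}
    store = SessionStore(ttl_seconds=3600)
    t0 = 1_000_000.0                       # constructed clock, seconds

    sid = store.login(users["test"], t0)
    before = (store.is_valid_naive(sid, t0 + 10),
              store.is_valid_hardened(sid, users, t0 + 10))

    reset_password(users["test"], "hash-v2")   # admin resets the password
    after = (store.is_valid_naive(sid, t0 + 20),            # still True (bug)
             store.is_valid_hardened(sid, users, t0 + 20))  # False (revoked)

    sid2 = store.login(users["test"], t0 + 30)  # fresh login with the new credential
    relogin = store.is_valid_hardened(sid2, users, t0 + 40)
    expired = store.is_valid_hardened(sid2, users, t0 + 30 + 3600)
    return {"before_reset": before, "after_reset": after,
            "after_relogin": relogin, "after_expiry": expired}


if __name__ == "__main__":
    print(demo())
```

The generation counter lives on the user record, so it survives restarts and works across several webserver instances without a shared revocation list; any session store that can look up the owning user at request time can apply the same check.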
Report Stats
  • Report ID: 2121960
  • State: Closed
  • Substate: resolved
  • Upvotes: 24