core: fix session migration when old session can't be loaded

[BeryJu]

Details

closes #14465

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	f9b8cfe
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/681f8747bbd5a70008195c27

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	f9b8cfe
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/681f8747dc4bc200084609cf

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.70%. Comparing base (7d2aa43) to head (f9b8cfe).
Report is 6 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #14466      +/-   ##
==========================================
+ Coverage   92.44%   92.70%   +0.26%     
==========================================
  Files         809      809              
  Lines       41535    41535              
==========================================
+ Hits        38397    38507     +110     
+ Misses       3138     3028     -110     

Flag	Coverage Δ
e2e	47.77% <ø> (+1.18%)	⬆️
integration	24.39% <ø> (ø)
unit	90.57% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-f9b8cfe5c939ffca89e384e1df7a2f22cf7a777e
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-f9b8cfe5c939ffca89e384e1df7a2f22cf7a777e

Afterwards, run the upgrade commands from the latest release notes.

[BeryJu]

/cherry-pick version-2025.4

[gergosimonyi]

Living fossil