github.com/zitadel/zitadel is vulnerable to session fixation. The vulnerability exists because the session expiration mechanism used in the library is insufficient: when a user is locked or deactivated, an attacker can keep using the access token to continue the session without refreshing the token.
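The failure mode described above, shown as an added Go example that is not ZITADEL's code: a validator that checks only token expiry beside one that also checks the current user state on every request. All type and function names here (`Users`, `Token`, `ValidateExpiryOnly`, `ValidateWithUserState`) are hypothetical, and the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical types for illustration; not ZITADEL's data model.
type UserState int

const (
	Active UserState = iota
	Locked
	Deactivated
)

type Token struct {
	UserID  string
	Expires time.Time
}

// Users stands in for the user table, keyed by user ID.
type Users map[string]UserState

var ErrRejected = errors.New("token rejected")

// ValidateExpiryOnly is the weak check: a token issued before a lock stays usable until it expires.
func ValidateExpiryOnly(t Token, now time.Time) error {
	if !now.Before(t.Expires) {
		return ErrRejected
	}
	return nil
}

// ValidateWithUserState also looks up the user's current state on every request.
func (u Users) ValidateWithUserState(t Token, now time.Time) error {
	if err := ValidateExpiryOnly(t, now); err != nil {
		return err
	}
	if st, ok := u[t.UserID]; !ok || st != Active {
		return fmt.Errorf("user %q is not active: %w", t.UserID, ErrRejected)
	}
	return nil
}

func main() {
	now := time.Now()
	users := Users{"alice": Locked} // constructed: alice was locked after the token was issued
	tok := Token{UserID: "alice", Expires: now.Add(time.Hour)}
	fmt.Println("expiry-only:", ValidateExpiryOnly(tok, now), "| with user state:", users.ValidateWithUserState(tok, now))
}
```

The per-request state lookup costs one read against the user store; revoking a user's outstanding tokens at lock or deactivation time is a complementary control.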