Clean the session files upon unpickling Error in FileSession clean up by jiangwen365 · Pull Request #2012 · cherrypy/cherrypy
I've seen clean failures in my production error log files due to UnpicklingError: invalid load key, '\x00'. I suspect the session file was created by attackers. This would 1) break the cleansing thread, leaving many expired sessions not cleaned up, also 2) I tend to think it's not good/safe to ignore and keep these "bad" session files. Below is the original traceback info in the error log.
Traceback (most recent call last):
  File "C:\Program Files (x86)\Python311-32\Lib\site-packages\cherrypy\process\plugins.py", line 518, in run
    self.function(*self.args, **self.kwargs)
  File "C:\Program Files (x86)\Python311-32\Lib\site-packages\cherrypy\lib\sessions.py", line 586, in clean_up
    contents = self._load(path)
               ^^^^^^^^^^^^^^^^
  File "C:\Program Files (x86)\Python311-32\Lib\site-packages\cherrypy\lib\sessions.py", line 520, in _load
    return pickle.load(f)
           ^^^^^^^^^^^^^^
_pickle.UnpicklingError: invalid load key, '\x00'.
What is the current behavior? (You can also link to an open issue here)
UnpicklingError: invalid load key, '\x00' would break the cleansing thread, leaving many expired sessions not cleaned up, also I tend to think it's not good/safe to ignore and keep these "bad" session files.
What is the new behavior (if this is a feature change)?
If pickling a session file is throwing a pickling error, then just delete that file.
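The behaviour change described above, as an added stand-alone sketch that is not CherryPy's code and not the patch from this pull request: a clean-up pass over a directory of pickled `(data, expiration_time)` session files, run once so that an unloadable file aborts the pass and once so that it is deleted. The `session-` prefix, the function names, the file layout and the sample files are assumptions constructed for the illustration.

```python
import os
import pickle
import tempfile
import time

PREFIX = "session-"  # assumed file-name prefix for this sketch


def clean_up(storage_path, now, delete_unreadable):
    """Remove expired session files and return the names removed.

    With delete_unreadable=False an unloadable file aborts the whole
    pass (the failure in the traceback above), so files after it are
    never examined. With True the file is deleted and the pass goes on.
    """
    removed = []
    for name in sorted(os.listdir(storage_path)):
        if not name.startswith(PREFIX):
            continue
        path = os.path.join(storage_path, name)
        try:
            with open(path, "rb") as f:
                _data, expires = pickle.load(f)
        except (pickle.UnpicklingError, EOFError, ValueError, TypeError):
            if not delete_unreadable:
                raise
            os.unlink(path)  # drop the file that cannot be loaded
            removed.append(name)
            continue
        if expires < now:
            os.unlink(path)
            removed.append(name)
    return removed


def make_store():
    """Constructed sample data: one corrupt, one expired, one live session."""
    d = tempfile.mkdtemp()
    now = time.time()
    samples = {
        "session-aaa": b"\x00\x00\x00\x00",                 # not a pickle stream
        "session-bbb": pickle.dumps(({"u": 1}, now - 60)),  # expired
        "session-ccc": pickle.dumps(({"u": 2}, now + 60)),  # still valid
    }
    for name, blob in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(blob)
    return d, now
```

Catching the error only covers streams that fail to parse: a well-formed pickle written by someone with write access to the storage directory is executed by `pickle.load` before any check runs, so permissions on that directory remain the control that matters.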