From 573ead704e8dcd786b7d30a343b032412b0b7103 Mon Sep 17 00:00:00 2001
From: Philipp Rudiger <prudiger@anaconda.com>
Date: Tue, 25 Jun 2024 13:41:06 +0200
Subject: [PATCH] Ensure user cookie can be unencoded (#6937)

* Ensure user cookie can be unencoded

* Skip decoding without secret
---
 panel/io/application.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/panel/io/application.py b/panel/io/application.py
index 9645176bd3..ee8906ad56 100644
--- a/panel/io/application.py
+++ b/panel/io/application.py
@@ -98,9 +98,12 @@ def process_request(self, request) -> dict[str, Any]:
         '''
         request_data = super().process_request(request)
         user = request.cookies.get('user')
-        if user:
+        if user and config.cookie_secret:
             from tornado.web import decode_signed_value
-            user = decode_signed_value(config.cookie_secret, 'user', user.value).decode('utf-8')
+            try:
+                user = decode_signed_value(config.cookie_secret, 'user', user.value).decode('utf-8')
+            except Exception:
+                user = user.value
             if user in state._oauth_user_overrides:
                 user_data = json.dumps(state._oauth_user_overrides[user])
                 if state.encryption: