From f1c785c49ddc0c13ecaed6507c97cc93ca3d9c9f Mon Sep 17 00:00:00 2001
From: Vivek Pathak <123768721+KumarVivekPathak@users.noreply.github.com>
Date: Tue, 11 Feb 2025 23:51:14 +0530
Subject: [PATCH] fix construction of cookie using user supplied input #12808 (#13029)
---
 kolibri/core/auth/api.py | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/kolibri/core/auth/api.py b/kolibri/core/auth/api.py
index 3a6e1bfa9f6..f7dd589a5f3 100644
--- a/kolibri/core/auth/api.py
+++ b/kolibri/core/auth/api.py
@@ -1046,17 +1046,12 @@ def get_session_response(self, request):
 if isinstance(user, AnonymousUser):
 response = Response(session)
- if not request.COOKIES.get("visitor_id"):
- visitor_id = str(uuid4().hex)
- response.set_cookie(
- "visitor_id", visitor_id, expires=visitor_cookie_expiry
- )
- else:
- response.set_cookie(
- "visitor_id",
- request.COOKIES.get("visitor_id"),
- expires=visitor_cookie_expiry,
- )
+ try:
+ visitor_id = request.COOKIES.get("visitor_id")
+ visitor_id = UUID(visitor_id, version=4).hex
+ except (ValueError, TypeError):
+ visitor_id = uuid4().hex
+ response.set_cookie("visitor_id", visitor_id, expires=visitor_cookie_expiry)
 return response
 # Set last activity on session to the current time to prevent session timeout
 # Only do this for logged in users, as anonymous users cannot get logged out!
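Review bot: `UUID(visitor_id, version=4)` in the new `try` block does not reject a non-v4 value; the `version` argument overwrites the version and variant bits, so any parseable 32-hex-digit cookie is accepted and silently rewritten instead of being replaced by a fresh `uuid4()`. The emitted value is still always 32 hex characters, so raw client bytes no longer reach the Set-Cookie header, but if only server-style ids should survive, parse without `version` and check it: `parsed = UUID(visitor_id)` then `visitor_id = parsed.hex if parsed.version == 4 else uuid4().hex`. Either way a one-line comment above the `try` would record the intent, e.g. `# Normalise to 32 hex chars; never echo the raw cookie value back`. The diffstat shows this hunk as the only change, so `UUID` is presumably already imported in api.py; that is worth confirming, because a NameError would not be caught by `except (ValueError, TypeError)`. `get_session_response` starts and ends outside the hunk.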