Ensure user cookie can be unencoded (#6937)

* Ensure user cookie can be unencoded

* Skip decoding without secret

panel/io/application.py

@@ -98,9 +98,12 @@ def process_request(self, request) -> dict[str, Any]:
         '''
         request_data = super().process_request(request)
         user = request.cookies.get('user')
-        if user:
+        if user and config.cookie_secret:
             from tornado.web import decode_signed_value
-            user = decode_signed_value(config.cookie_secret, 'user', user.value).decode('utf-8')
+            try:
+                user = decode_signed_value(config.cookie_secret, 'user', user.value).decode('utf-8')
+            except Exception:
+                user = user.value
             if user in state._oauth_user_overrides:
                 user_data = json.dumps(state._oauth_user_overrides[user])
                 if state.encryption: