diff --git a/Cargo.lock b/Cargo.lock
index 44fc2104..0a366a19 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3920,6 +3920,7 @@ dependencies = [
  "tower-service",
  "tracing",
  "tracing-subscriber",
+ "uuid",
  "web-proof-circuits-witness-generator",
  "ws_stream_tungstenite 0.13.0 (git+https://github.com/pluto/ws_stream_tungstenite.git?branch=latest)",
 ]
@@ -7086,6 +7087,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a"
 dependencies = [
  "getrandom 0.2.15",
+ "serde",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 00afbd2d..e1a9e8c8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -54,6 +54,8 @@ tokio-rustls={ version="0.26.0", default-features=false, features=["logging", "t
 # circuits witness generator
 web-proof-circuits-witness-generator={ git="https://github.com/pluto/web-prover-circuits", rev="0a09df087612d45fa3b0d5914d93c72417edb58b" }
 
+uuid={ version="1.10.0", default-features=false, features=["v4", "serde"] }
+
 [package]
 name   ="webprover"
 edition="2021"
diff --git a/book/book.toml b/book/book.toml
index 5ab9f75d..53142352 100644
--- a/book/book.toml
+++ b/book/book.toml
@@ -12,21 +12,21 @@ extra-watch-dirs=[] # Don't watch any extra directories
 create-missing=false # Don't create missing files
 use-default-preprocessors=false
 exclude=[
-    "target/**/*",
-    "**/target/**/*",
-    "**/node_modules/**/*",
-    "client_wasm/demo/**/*",              # Explicitly exclude all demo content
-    "client_wasm/demo/static/build/**/*", # Extra specific exclusion for build artifacts
-    "client_wasm/demo/pkg/**/*",          # Extra specific exclusion for pkg
-    "client_wasm/demo/node_modules/**/*", # Extra specific exclusion for node_modules
-    "build/**/*",
-    "bin/**/*",
-    "client/**/*",
-    "client_ios/**/*",
-    "fixture/**/*",
-    "notary/**/*",
-    "tls/**/*",
-    "proofs/src/**/*",
+  "target/**/*",
+  "**/target/**/*",
+  "**/node_modules/**/*",
+  "client_wasm/demo/**/*",              # Explicitly exclude all demo content
+  "client_wasm/demo/static/build/**/*", # Extra specific exclusion for build artifacts
+  "client_wasm/demo/pkg/**/*",          # Extra specific exclusion for pkg
+  "client_wasm/demo/node_modules/**/*", # Extra specific exclusion for node_modules
+  "build/**/*",
+  "bin/**/*",
+  "client/**/*",
+  "client_ios/**/*",
+  "fixture/**/*",
+  "notary/**/*",
+  "tls/**/*",
+  "proofs/src/**/*",
 ]
 
 [preprocessor.links]
diff --git a/client/Cargo.toml b/client/Cargo.toml
index 630f8cc4..c59b7c22 100644
--- a/client/Cargo.toml
+++ b/client/Cargo.toml
@@ -65,7 +65,7 @@ tokio-util={ version="0.7", features=[
 chrono="0.4"
 p256={ version="0.13", features=["pem", "ecdsa"] }
 
-uuid={ version="1.10.0", default-features=false, features=["v4"] }
+uuid={ workspace=true }
 
 clap      ={ workspace=true }
 serde_with={ version="3.12.0", features=["base64"] }
diff --git a/notary/Cargo.toml b/notary/Cargo.toml
index cf533dc3..f983eedd 100644
--- a/notary/Cargo.toml
+++ b/notary/Cargo.toml
@@ -54,6 +54,7 @@ rs_merkle       ="1.4.2"
 alloy-primitives={ version="0.8.2", features=["k256"] }
 k256            ={ version="0.13.3", features=["ecdsa"] }
 reqwest         ={ version="0.12", features=["json"] }
+uuid            ={ workspace=true }
 
 tls-client2={ workspace=true }
 
diff --git a/notary/src/origo.rs b/notary/src/origo.rs
index 6d778db9..d1a8ebc3 100644
--- a/notary/src/origo.rs
+++ b/notary/src/origo.rs
@@ -24,6 +24,7 @@ use tokio::{
 };
 use tokio_util::compat::FuturesAsyncReadCompatExt;
 use tracing::{debug, error, info};
+use uuid::Uuid;
 use web_proof_circuits_witness_generator::polynomial_digest;
 use ws_stream_tungstenite::WsStream;
 
@@ -37,7 +38,7 @@ use crate::{
 
 #[derive(Deserialize)]
 pub struct SignQuery {
-  session_id: String,
+  session_id: Uuid,
 }
 
 #[derive(Serialize)]
@@ -63,7 +64,8 @@ pub async fn sign(
   State(state): State<Arc<SharedState>>,
   extract::Json(payload): extract::Json<SignBody>,
 ) -> Result<Json<SignReply>, ProxyError> {
-  let transcript = state.origo_sessions.lock().unwrap().get(&query.session_id).cloned().unwrap();
+  let transcript =
+    state.origo_sessions.lock().unwrap().get(&query.session_id.to_string()).cloned().unwrap();
 
   let handshake_server_key = hex::decode(payload.handshake_server_key).unwrap();
   let handshake_server_iv = hex::decode(payload.handshake_server_iv).unwrap();
@@ -102,7 +104,7 @@ pub async fn sign(
     .verifier_sessions
     .lock()
     .unwrap()
-    .insert(query.session_id.clone(), VerifierInputs { request_messages, response_messages });
+    .insert(query.session_id.to_string(), VerifierInputs { request_messages, response_messages });
 
   // TODO check OSCP and CT (maybe)
   // TODO check target_name matches SNI and/or cert name (let's discuss)
@@ -215,7 +217,7 @@ impl Hasher for KeccakHasher {
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id:  String,
+  session_id:  Uuid,
   target_host: String,
   target_port: u16,
 }
@@ -245,7 +247,7 @@ pub async fn proxy(
   query: Query<NotarizeQuery>,
   State(state): State<Arc<SharedState>>,
 ) -> Response {
-  let session_id = query.session_id.clone();
+  let session_id = query.session_id.to_string();
 
   info!("Starting notarize with ID: {}", session_id);
 
diff --git a/notary/src/proxy.rs b/notary/src/proxy.rs
index 5359efe7..2fe15928 100644
--- a/notary/src/proxy.rs
+++ b/notary/src/proxy.rs
@@ -13,12 +13,13 @@ use reqwest::{Request, Response};
 use serde::Deserialize;
 use serde_json::Value;
 use tracing::{debug, info};
+use uuid::Uuid;
 
 use crate::{errors::NotaryServerError, SharedState};
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id: String,
+  session_id: Uuid,
 }
 
 pub async fn proxy(
diff --git a/notary/src/tee.rs b/notary/src/tee.rs
index ae2d11e7..53caa3ce 100644
--- a/notary/src/tee.rs
+++ b/notary/src/tee.rs
@@ -21,6 +21,7 @@ use tls_client2::tls_core::msgs::message::MessagePayload;
 use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
 use tokio_util::compat::FuturesAsyncReadCompatExt;
 use tracing::{debug, error, field::debug, info};
+use uuid::Uuid;
 use ws_stream_tungstenite::WsStream;
 
 use crate::{
@@ -34,7 +35,7 @@ use crate::{
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id:  String,
+  session_id:  Uuid,
   target_host: String,
   target_port: u16,
 }
@@ -44,7 +45,7 @@ pub async fn proxy(
   query: Query<NotarizeQuery>,
   State(state): State<Arc<SharedState>>,
 ) -> Response {
-  let session_id = query.session_id.clone();
+  let session_id = query.session_id.to_string();
 
   info!("Starting notarize with ID: {}", session_id);
 
diff --git a/notary/src/tlsn.rs b/notary/src/tlsn.rs
index be273b31..73ff7580 100644
--- a/notary/src/tlsn.rs
+++ b/notary/src/tlsn.rs
@@ -14,6 +14,7 @@ use tlsn_verifier::tls::{Verifier, VerifierConfig};
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
 use tracing::{debug, error, info};
+use uuid::Uuid;
 use ws_stream_tungstenite::WsStream;
 
 use crate::{
@@ -84,7 +85,7 @@ pub async fn notary_service<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id: String,
+  session_id: Uuid,
 }
 
 // TODO Response or impl IntoResponse?
@@ -93,7 +94,7 @@ pub async fn notarize(
   query: Query<NotarizeQuery>,
   State(state): State<Arc<SharedState>>,
 ) -> Response {
-  let session_id = query.session_id.clone();
+  let session_id = query.session_id.to_string();
 
   debug!("Starting notarize with ID: {}", session_id);