src/hg/lib/cart.c 3bb802c7f7ff9064a84932f2659fa6ff6657726e

3bb802c7f7ff9064a84932f2659fa6ff6657726e
galt
  Mon Jun 30 15:48:32 2014 -0700
Fixes #13530. Users reported that blank cookie values are coming in. Check for them and give appropriate warnings, debugging info, and response when parsing or writing cookie values for webIds.
diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index c7dfa77..60835df 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -1435,32 +1435,45 @@
 void cartWriteCookie(struct cart *cart, char *cookieName)
 /* Write out HTTP Set-Cookie statement for cart. */
 {
 char *domain = cfgVal("central.domain");
 if (sameWord("HTTPHOST", domain))
     {
     // IE9 does not accept portnames in cookie domains
     char *hostWithPort = hHttpHost();
     struct netParsedUrl npu;
     netParseUrl(hostWithPort, &npu);
     domain = cloneString(npu.host);
     }
 
 char userIdKey[256];
 cartDbSecureId(userIdKey, sizeof userIdKey, cart->userInfo);
+// Some users reported blank cookie values. Do we see that here?
+if (sameString(userIdKey,"")) // make sure we do not write any blank cookies.
+    {
+    // Be sure we do not lose this message.
+    // Because the error happens so early we cannot trust that the warn and error handlers
+    // are setup correctly and working.
+    verbose(1, "unexpected error in cartWriteCookie: userId string is empty.");
+    dumpStack( "unexpected error in cartWriteCookie: userId string is empty.");
+    warn(      "unexpected error in cartWriteCookie: userId string is empty.");
+    }
+else
+    {
     printf("Set-Cookie: %s=%s; path=/; domain=%s; expires=%s\r\n",
 	    cookieName, userIdKey, domain, cookieDate());
+    }
 if (geoMirrorEnabled())
     {
     // This occurs after the user has manually choosen to go back to the original site; we store redirect value into a cookie so we 
     // can use it in subsequent hgGateway requests before loading the user's cart
     char *redirect = cgiOptionalString("redirect");
     if (redirect)
         {
         printf("Set-Cookie: redirect=%s; path=/; domain=%s; expires=%s\r\n", redirect, cgiServerName(), cookieDate());
         }
     }
 }
 
 struct cart *cartForSession(char *cookieName, char **exclude,
                             struct hash *oldVars)
 /* This gets the cart without writing any HTTP lines at all to stdout. */