3bb802c7f7ff9064a84932f2659fa6ff6657726e
galt
  Mon Jun 30 15:48:32 2014 -0700
Fixes #13530. Users reported that blank cookie values are coming in. Check for them and give appropriate warnings, debugging info, and response when parsing or writing cookie values for webIds.
diff --git src/hg/lib/cartDb.c src/hg/lib/cartDb.c
index a47968c..6b28608 100644
--- src/hg/lib/cartDb.c
+++ src/hg/lib/cartDb.c
@@ -107,31 +107,31 @@
 if (!fileExists(path))
     return NULL;  // There is no result yet
 readInGulp(path, &result, NULL);
 return result;
 }
 
 static void writeAutoUpgradeTableResult(char *tableName, char *result)
 /* Write table upgrade result */
 {
 char path[AUTOUPGRPATHSIZE];
 makeResultName(tableName, path);
 writeGulp(path, result, strlen(result));
 }
 
 
-void autoUpgradeTableAddSesssionKey(struct sqlConnection *conn, char *tableName)
+void autoUpgradeTableAddSessionKey(struct sqlConnection *conn, char *tableName)
 /* Try to upgrade the table by adding sessionKey field
  * in a safe way handling success failures and retries
  * with multiple CGIs running. */
 {
 
 boolean testAgain = checkAutoUpgradeTableResultTimeIsOld(tableName);
 if (testAgain)
     {
     // Get the advisory lock for this table
     // This prevents multiple CGI processes from trying to upgrade simultaneously
     char lockName[256];
     safef(lockName, sizeof lockName, "AUTO_UPGRADE_%s", tableName);
     sqlGetLock(conn, lockName);
 
     // Make sure that the table has not been already upgraded by some earlier process.
@@ -206,37 +206,37 @@
     char *sessionKey = cfgOption2("browser", "sessionKey");
     if (!sessionKey)
 	sessionKey = "on";  // DEFAULT but this might change to another value
     if (sameString(sessionKey, "on"))
 	{
 	useSessionKey = TRUE;
 	struct sqlConnection *conn = cartDefaultConnector();
 	boolean userDbHasSessionKey = cartDbHasSessionKey(conn, "userDb");
 	boolean sessionDbHasSessionKey = cartDbHasSessionKey(conn, "sessionDb");
 	if ( ! (userDbHasSessionKey && sessionDbHasSessionKey) )
 	    {
     	    //errAbort("brower.sessionKey=on but userDb and sessionDb are missing the sessionKey field.");
 	    // AUTO-UPGRADE tables to add missing sessionKey field here.
 	    if (!userDbHasSessionKey)
 		{
-		autoUpgradeTableAddSesssionKey(conn, "userDb");
+		autoUpgradeTableAddSessionKey(conn, "userDb");
 		userDbInitialized = FALSE;
 		userDbHasSessionKey = cartDbHasSessionKey(conn, "userDb");
 		}
     	    if (!sessionDbHasSessionKey)
 		{
-		autoUpgradeTableAddSesssionKey(conn, "sessionDb");
+		autoUpgradeTableAddSessionKey(conn, "sessionDb");
 		sessionDbInitialized = FALSE;
 		sessionDbHasSessionKey = cartDbHasSessionKey(conn, "sessionDb");
 		}
 	    if ( ! (userDbHasSessionKey && sessionDbHasSessionKey) )
 		useSessionKey = FALSE;
 	    }
 	cartDefaultDisconnector(&conn);
 	}
     else if (sameString(sessionKey, "off"))
 	{
 	useSessionKey = FALSE;
 	}
     else if (sameString(sessionKey, "autodetect"))
 	{
 	errAbort("brower.sessionKey=autodetect has not implemented yet."); // TODO
@@ -264,30 +264,37 @@
 
 
 void cartDbSecureId(char *buf, int bufSize, struct cartDb *cartDb)
 /* Return combined string of session id plus sessionKey in buf if turned on.*/
 {
 if (cartDbUseSessionKey() && !sameString(cartDb->sessionKey,""))
     safef(buf, bufSize, "%d_%s", cartDb->id, cartDb->sessionKey);
 else
     safef(buf, bufSize, "%d", cartDb->id);
 }
 
 unsigned int cartDbParseId(char *id, char **pSessionKey)
 /* Parse out the numeric id and id_sessionKey string if present. */
 {
 unsigned int result = 0;
+if (sameString(id,"")) // some users reported blank cookie values.
+    {
+    verbose(1, "cartDbParseId: id with empty string found.");
+    if (pSessionKey)
+	*pSessionKey = NULL;
+    return 0;
+    }
 char *e = strchr(id, '_');
 if (e)
     *e = 0;
 result = sqlUnsigned(id);
 if (e)
     {
     *e = '_';
     if (pSessionKey)
 	*pSessionKey = e+1;
     }
 else
     {
     if (pSessionKey)
 	*pSessionKey = NULL;
     }