ce16fc5a8df55c02029781b267936bde5110264e angie Mon May 16 12:04:05 2016 -0700 Oops, cartLoadUserSession is called before cartWriteCookie, so it needs to call loginSystemValidateCookies first. refs #17327
diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 377e8fd..7d8ed3f 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -469,30 +469,35 @@ assert(hashNumEntries(hash) == 0);
 }
 #ifndef GBROWSE
 void cartLoadUserSession(struct sqlConnection *conn, char *sessionOwner, char *sessionName, struct cart *cart, struct hash *oldVars, char *actionVar)
 /* If permitted, load the contents of the given user's session, and then
 * reload the CGI settings (to support override of session settings).
 * If non-NULL, oldVars will contain values overloaded when reloading CGI.
 * If non-NULL, actionVar is a cartRemove wildcard string specifying the
 * CGI action variable that sent us here. */
 {
 struct sqlResult *sr = NULL;
 char **row = NULL;
+/* Validate login cookies if login is enabled */
+if (loginSystemEnabled())
+ {
+ loginSystemValidateCookies();
+ }
 char *userName = wikiLinkUserName();
 char *encSessionName = cgiEncodeFull(sessionName);
 char *encSessionOwner = cgiEncodeFull(sessionOwner);
 char query[512];
 if (isEmpty(sessionOwner)) errAbort("Please go back and enter a wiki user name for this session.");
 if (isEmpty(sessionName)) errAbort("Please go back and enter a session name to load.");
 sqlSafef(query, sizeof(query), "SELECT shared, contents FROM %s " "WHERE userName = '%s' AND sessionName = '%s';", namedSessionTable, encSessionOwner, encSessionName);
 sr = sqlGetResult(conn, query);
 if ((row = sqlNextRow(sr)) != NULL)
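Review bot: The new `loginSystemValidateCookies()` call ahead of `wikiLinkUserName()` repairs this one entry point, but the ordering requirement stays implicit. Any other path that reads the user name before `cartWriteCookie` runs would still act on login cookies that have not been checked. `userName` presumably feeds the "If permitted" decision further down (the body of cartLoadUserSession continues past the hunk), so the comment should record the invariant rather than restate the call, for example `/* Login cookies must be validated before wikiLinkUserName() reads them; cartWriteCookie, which normally does this, runs after cartLoadUserSession. */`. Consider enforcing the check inside `wikiLinkUserName()` or behind a validated-once flag so a caller cannot skip it. The result of `loginSystemValidateCookies()` is discarded here; if it reports a status or a cookie to set (not visible in this hunk), confirm that dropping it and calling it again from `cartWriteCookie` is safe.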