1363e178b292e47349dfbc7b5158ac5c1ceb0e2a
angie
  Wed Dec 14 14:13:46 2016 -0800
Instead of requiring that loginValidateCookies() be called before wikiLinkUserName is called, just call it if necessary in wikiLinkUserName.  Avoids clashes with other squirrelly paths to wikiLinkUserName.  refs #17327, #12216#note-28

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 42e5da3..7a9f655 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -469,35 +469,30 @@
 assert(hashNumEntries(hash) == 0);
 }
 
 #ifndef GBROWSE
 void cartLoadUserSession(struct sqlConnection *conn, char *sessionOwner,
 			 char *sessionName, struct cart *cart,
 			 struct hash *oldVars, char *actionVar)
 /* If permitted, load the contents of the given user's session, and then
  * reload the CGI settings (to support override of session settings).
  * If non-NULL, oldVars will contain values overloaded when reloading CGI.
  * If non-NULL, actionVar is a cartRemove wildcard string specifying the
  * CGI action variable that sent us here. */
 {
 struct sqlResult *sr = NULL;
 char **row = NULL;
-/* Validate login cookies if login is enabled -- must be called before wikiLinkUserName */
-if (loginSystemEnabled())
-    {
-    loginValidateCookies(cart);
-    }
 char *userName = wikiLinkUserName();
 char *encSessionName = cgiEncodeFull(sessionName);
 char *encSessionOwner = cgiEncodeFull(sessionOwner);
 char query[512];
 
 if (isEmpty(sessionOwner))
     errAbort("Please go back and enter a wiki user name for this session.");
 if (isEmpty(sessionName))
     errAbort("Please go back and enter a session name to load.");
 
 sqlSafef(query, sizeof(query), "SELECT shared, contents FROM %s "
       "WHERE userName = '%s' AND sessionName = '%s';",
       namedSessionTable, encSessionOwner, encSessionName);
 sr = sqlGetResult(conn, query);
 if ((row = sqlNextRow(sr)) != NULL)