178d5fbd9c24889c397ee2838337541f9f962f0a
max
  Tue Nov 23 15:04:17 2021 -0800
changes after code review, refs #28552

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 3e3ca78..c2d17d1 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -2289,31 +2289,31 @@
 char *httpsProxy = cfgOption("httpsProxy");
 if (httpsProxy)
     setenv("https_proxy", httpsProxy, TRUE);
 char *ftpProxy = cfgOption("ftpProxy");
 if (ftpProxy)
     setenv("ftp_proxy", ftpProxy, TRUE);
 char *noProxy = cfgOption("noProxy");
 if (noProxy)
     setenv("no_proxy", noProxy, TRUE);
 char *logProxy = cfgOption("logProxy");
 if (logProxy)
     setenv("log_proxy", logProxy, TRUE);
 
 // if ignoreCookie or incognito is on the URL, don't check for cookies
 char *hguid = NULL;
-if ( cgiOptionalString("ignoreCookie") == NULL || cgiOptionalString("incognito") == NULL )
+if ( cgiOptionalString("ignoreCookie") == NULL && cgiOptionalString("incognito") == NULL )
     hguid = getCookieId(cookieName);
 char *hgsid = getSessionId();
 struct cart *cart = cartNew(hguid, hgsid, exclude, oldVars);
 cartExclude(cart, sessionVar);
 return cart;
 }
 
 static void addHttpHeaders()
 /* CGIs can initialize the global variable httpHeaders to control their own HTTP
  * headers. This allows, for example, to prevent web browser caching of hgTracks
  * responses, but implicitly allow web browser caching everywhere else */
 {
 struct slPair *h;
 for (h = httpHeaders; h != NULL; h = h->next)
     {