04e020b9f6e9910f06508451888b07bbcd01eadd
max
  Wed May 21 14:08:37 2025 -0700
special penalty for bots with invalid hgsids

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 010c27d83d6..3b17ad8f902 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -1467,37 +1467,42 @@
 
 
 struct cart *cart;
 struct sqlConnection *conn = cartDefaultConnector();
 char *ex;
 boolean userIdFound = FALSE, sessionIdFound = FALSE;
 
 AllocVar(cart);
 cart->hash = newHash(12);
 cart->exclude = newHash(7);
 cart->userId = userId;
 cart->sessionId = sessionId;
 cart->userInfo = loadDb(conn, userDbTable(), userId, &userIdFound);
 cart->sessionInfo = loadDb(conn, sessionDbTable(), sessionId, &sessionIdFound);
 
-if (sessionIdFound && !userIdFound && !cgiWasSpoofed() && cfgOptionBooleanDefault("noCookieTrace", FALSE))
+if (sessionIdFound && !userIdFound && !cgiWasSpoofed() && cfgOptionBooleanDefault("cartTrace", FALSE))
     fprintf(stderr, "HGSID_WITHOUT_COOKIE\n");
 
 if (((sessionId && !sessionIdFound) || !sessionId) && (!userId || !userIdFound) && cfgOptionBooleanDefault("punishInvalidHgsid", FALSE))
     {
-    fprintf(stderr, "HGSID_WAIT invalid sessionId and invalid cookie: 6 seconds penalty");
-    sleep(6);
+    fprintf(stderr, "HGSID_WAIT no sessionId and no cookie: 5 seconds penalty");
+    sleep(5);
+    if (sessionId && !sessionIdFound)
+        {
+        fprintf(stderr, "HGSID_WAIT2 sessionId sent but invalid: 10 seconds penalty");
+        sleep(10);
+        }
     }
 
 
 if (sessionIdFound)
     cartParseOverHash(cart, cart->sessionInfo->contents);
 else if (userIdFound)
     cartParseOverHash(cart, cart->userInfo->contents);
 else
     {
     char *defaultCartContents = getDefaultCart(conn);
     cartParseOverHash(cart, defaultCartContents);
     }
 char when[1024];
 safef(when, sizeof(when), "open %s %s", userId, sessionId);
 cartTrace(cart, when, conn);
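Review bot: The nested penalty in the `punishInvalidHgsid` branch makes a request with an invalid hgsid sleep 5 + 10 = 15 seconds in total, while the `HGSID_WAIT2` log line reports only 10. Both sleeps run after `cartDefaultConnector()` has returned `conn`, so each penalised request appears to hold a CGI process and a database connection for the whole delay. Under a burst of bot traffic that can tie up workers and connections for legitimate users, so confirm that a request or connection cap sits in front of this path. Both new `fprintf` strings also lack the trailing `\n` that `"HGSID_WITHOUT_COOKIE\n"` has, so the two markers will run together in the error log and be harder to match in monitoring; end them with a newline, e.g. `"HGSID_WAIT2 sessionId sent but invalid: 10 seconds penalty\n"`. The enclosing function starts and continues outside the hunk, so where `conn` is released is not visible here.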