b16a54cb0209ba472e8a5e2e8babd7438640deb8
max
  Wed Jul 2 05:47:22 2025 -0700
fix view/edit button on hgSession after captcha changes, refs #36024

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 3f5f9ab8dd6..9381e53cb60 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -1524,34 +1524,42 @@
     return FALSE;
 
 struct excReStr;
 for (struct slName *sl = excStrs;  sl != NULL;  sl = sl->next)
     {
     if (regexMatch(agent, sl->name))
         {
         fprintf(stderr, "CAPTCHAPASS %s\n", agent);
         return TRUE;
         }
     }
 
 return FALSE;
 }
 
+static boolean captchaCheckDone = FALSE;
+
 void forceUserIdOrCaptcha(struct cart* cart, char *userId, boolean userIdFound, boolean fromCommandLine)
 /* print captcha is user did not sent a valid hguid cookie or a valid
  * cloudflare token. Allow certain IPs and user-agents. */
 {
+// no need to do this again. Can happen if cartNew() is called somewhere else in a CGI
+if (captchaCheckDone)
+    return;
+
+captchaCheckDone = TRUE;
+
 if (fromCommandLine || isEmpty(cfgOption(CLOUDFLARESITEKEY)))
     return;
 
 // no captcha for our own QA scripts running on a server with our IP address
 if (botException())
     return;
 
 if (isUserAgentException())
     return;
 
 // Do not show a captcha if we have a valid cookie 
 // but for debugging, it's nice to be able to force the captcha
 if (userId && userIdFound && !cgiOptionalString("captcha"))
     return;