bec8b07ad2d602943c4ae62323e3f411380f7ec8
max
  Wed Jul 2 05:59:43 2025 -0700
small cart.c changes for readability and cleanup. No redmine.

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 9381e53cb60..b8ac99fbd4b 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -1527,31 +1527,31 @@
 for (struct slName *sl = excStrs;  sl != NULL;  sl = sl->next)
     {
     if (regexMatch(agent, sl->name))
         {
         fprintf(stderr, "CAPTCHAPASS %s\n", agent);
         return TRUE;
         }
     }
 
 return FALSE;
 }
 
 static boolean captchaCheckDone = FALSE;
 
 void forceUserIdOrCaptcha(struct cart* cart, char *userId, boolean userIdFound, boolean fromCommandLine)
-/* print captcha is user did not sent a valid hguid cookie or a valid
+/* print captcha if user did not sent a valid hguid cookie or a valid
  * cloudflare token. Allow certain IPs and user-agents. */
 {
 // no need to do this again. Can happen if cartNew() is called somewhere else in a CGI
 if (captchaCheckDone)
     return;
 
 captchaCheckDone = TRUE;
 
 if (fromCommandLine || isEmpty(cfgOption(CLOUDFLARESITEKEY)))
     return;
 
 // no captcha for our own QA scripts running on a server with our IP address
 if (botException())
     return;
 
@@ -1566,83 +1566,83 @@
 // when the captcha is solved, our JS code does a full page-reload, no AJAX. That saves us one round-trip.
 // After the reload, the new page URL has the captcha token in the URL argument list, so now we need to validate it
 // and remove it from the cart
 char *token = cgiOptionalString("token");
 if (token && isValidToken(token))
 {
     cartRemove(cart, "token");
     return;
 }
 
 printCaptcha();
 }
 
 void cartRemove(struct cart *cart, char *var);
 
-struct cart *cartNew(char *userId, char *sessionId,
-                     char **exclude, struct hash *oldVars)
-/* Load up cart from user & session id's.  Exclude is a null-terminated list of
- * strings to not include */
+static boolean genericSetupDone = FALSE;
+
+static void genericCgiSetup()
+/* Run steps that all CGIs must do that unrelated to the cart: timeout, logging setup, UDC.
+ */
 {
+// do this only once per CGI
+if (genericSetupDone)
+    return;
+
+genericSetupDone = TRUE;
+
 cgiApoptosisSetup();
 if (cfgOptionBooleanDefault("showEarlyErrors", FALSE))
     errAbortSetDoContentType(TRUE);
 
 if (cfgOptionBooleanDefault("suppressVeryEarlyErrors", FALSE))
     htmlSuppressErrors();
 
 setUdcCacheDir();
 
 netSetTimeoutErrorMsg("A connection timeout means that either the server is offline or its firewall, the UCSC firewall or any router between the two blocks the connection.");
+}
+
+struct cart *cartNew(char *userId, char *sessionId,
+                     char **exclude, struct hash *oldVars)
+/* Load up cart from user & session id's.  Exclude is a null-terminated list of
+ * strings to not include */
+{
+genericCgiSetup();
 
 struct cart *cart;
 struct sqlConnection *conn = cartDefaultConnector();
 char *ex;
 boolean userIdFound = FALSE, sessionIdFound = FALSE;
 
 AllocVar(cart);
 cart->hash = newHash(12);
 cart->exclude = newHash(7);
 cart->userId = userId;
 cart->sessionId = sessionId;
 cart->userInfo = loadDb(conn, userDbTable(), userId, &userIdFound);
 
 cart->sessionInfo = loadDb(conn, sessionDbTable(), sessionId, &sessionIdFound);
 
 boolean fromCli = cgiWasSpoofed(); // QA runs our CGIs from the command line and we debug from there
 
 forceUserIdOrCaptcha(cart, userId, userIdFound, fromCli);
 
 // we rely on the cookie being validated, so if we reset a cookie, do this after the captcha
 if ( cgiOptionalString("ignoreCookie") != NULL )
     cart->userInfo = loadDb(conn, userDbTable(), NULL, &userIdFound);
 
-// Leaving this in the code temporarily, until June 2025 release.
-if (!fromCli && 
-    ((sessionId && !sessionIdFound) || !sessionId) && 
-    (!userId || !userIdFound) && 
-    cfgOptionBooleanDefault("punishInvalidHgsid", FALSE))
-    {
-    fprintf(stderr, "HGSID_WAIT no sessionId and no cookie: 5 seconds penalty");
-    sleep(5);
-    if (sessionId && !sessionIdFound)
-        {
-        fprintf(stderr, "HGSID_WAIT2 sessionId sent but invalid: 10 seconds penalty");
-        sleep(10);
-        }
-    }
-
 if (sessionIdFound)
     cartParseOverHash(cart, cart->sessionInfo->contents);
 else if (userIdFound)
     cartParseOverHash(cart, cart->userInfo->contents);
 else
     {
     char *defaultCartContents = getDefaultCart(conn);
     cartParseOverHash(cart, defaultCartContents);
     }
 char when[1024];
 safef(when, sizeof(when), "open %s %s", userId, sessionId);
 cartTrace(cart, when, conn);
 
 loadCgiOverHash(cart, oldVars);