8b35afcffcef1574bcf91ed352c660033929ee74
jcasper
  Thu Jan 15 12:21:33 2026 -0800
Setting the new botdelay scheme (which we've been using for a while) to be the default, refs #36952

diff --git src/hg/lib/botDelay.c src/hg/lib/botDelay.c
index f67a499ddd8..5d005945ef6 100644
--- src/hg/lib/botDelay.c
+++ src/hg/lib/botDelay.c
@@ -112,31 +112,31 @@
 {
 char hgsid[1024];
 // Just in case it's egregiously large, we only need the first part to decide if it's valid.
 safencpy(hgsid, sizeof(hgsid), raw_hgsid, 50);
 if (regexMatch(hgsid, "^[0-9][0-9]*_[a-zA-Z0-9]{28}$"))
     return TRUE;
 return FALSE;
 }
 
 
 char *getBotCheckString(char *ip, double fraction)
 /* compose "user.ip fraction" string for bot check */
 {
 char *cookieUserId = getCookieUser();
 char *botCheckString = needMem(256);
-boolean useNew = cfgOptionBooleanDefault("newBotDelay", FALSE);
+boolean useNew = cfgOptionBooleanDefault("newBotDelay", TRUE);
 if (useNew)
     {
         // the new strategy is: bottleneck on apiKey, then cookie-userId, then
         // hgsid, and only if none of these is available, on IP address. Also, check
         // apiKey and cookieId if they are valid, check hgsid if the string looks OK.
         char *apiKey = cgiOptionalString("apiKey");
         if (apiKey)
             {
             // Here we do a mysql query before the bottleneck is complete. 
             // And this is better than handling the request without bottleneck
             // The connection is closed right away, so if the bottleneck leads to a long sleep, it won't tie up
             // the MariaDB server. The cost of opening a connection is less than 1msec.
             struct sqlConnection *conn = hConnectCentralNoCache();
             char *userName = userNameForApiKey(conn, apiKey);
             sqlDisconnect(&conn);