Posted by navaneeth_r on October 12, 2009 at 12:58pm
Hi
Drupal version: 5.3
Captcha module version: 5.x-3.1
The current version of Captcha doesnot work with Page cache enabled. This could be a big disadvantage in a large site with many pages. To resolve the same and cache the page content we could apply the below patch.
Refer patch at http://drupal.org/node/602226.
We could furthur enhance and work towards removing session for anonymous user entirely and cache the captcha along with the page cache, refersh it only when used. Any suggestions.
Thanks
Comments
I totally agree. I have a
I totally agree. I have a busy site and I absolutely can't use any modules that turn off page caching.
But here's the problem:
If Users A and B load a page at about the same time, they'll both get the same captcha image, right?
So if user A submits the form, what happens to user B? If you already trashed that captcha, then B will get an error message no matter what! (even if they enter the letters correctly).
But if you accept B's submission with the duplicate captcha, then that means a spam bot or some malicious user could also reuse that one solved captcha to submit a form many, many times.
But all is not lost. Here's my idea: I think the right answer is to stop storing user-specific information in the page in the first place! Why do we need that ID number in the
<img src="/image_captcha/1029175738">tag. I suggest just making the request always look like<img src="/image_captcha/get_image">for everyone and then let the function that creates the image take care of serving a new challenge and storing the answer in the SESSION or its own cookie. Am I missing anything?Hashcash
Try this
http://drupal.org/project/hashcash