0

I'm implementing a 3D CAPTCHA for my website.

My original idea was to store the expected captcha solution in a session variable. After a user submits a form, I'd compare it with their response.

What happens if the user opens my website in multiple tabs though? For each tab a new CAPTCHA challenge is generated and the expected response variable in the session is overwritten.

Now consider the user submits a form in an "old" tab. Since the expected response variable in the session has been overwritten, they won't pass the test.

Should I worry about this? How would you deal with it?

Community
  • 1
  • 1
packet
  • 1
  • don't worry about it. you can't reliably identify WHERE a page request came from (different tab? different window?). At most a person will simply get failures on the "earlier" windows because the "last" window's captcha overwrote the setup. They load up another captcha and off they go. – Marc B Feb 15 '13 at 15:31
  • @MarcB: Thanks, just wanted to make sure it's not a bad practice. – packet Feb 15 '13 at 15:47

1 Answers1

0

That is the general approach for captchas and sometimes a reason why they do not validate.

This is a goood read http://www.sitepoint.com/captcha-inaccessible-to-everyone/ why not to use captcha

You could however add them in an array instead and see if the answer exists in array. You are not stating which language you are using otherwise i could provide some code.

Iesus Sonesson
  • 854
  • 6
  • 12
  • Storing arrays in session for php: http://www.phpriot.com/articles/intro-php-sessions/7 – Iesus Sonesson Feb 15 '13 at 15:38
  • I'm using python and django. Anyway, I'm lazy so I'll go along with what @MarcB suggested. I read the article you linked. Unfortunately, it doesn't suggest any CAPTCHA alternative. – packet Feb 15 '13 at 15:44
  • Alternatives: For one you could add (not visible)inputs that should never contain text bots often fill out every field. If that works it it is certainly easier for the user. Secondary you might look into http://www.projecthoneypot.org/ Sorry not very good at python, but this seems close to the solution to your problem: http://www.djangofoo.com/57/session-arraylist-append-does-not-work – Iesus Sonesson Feb 15 '13 at 15:56