Pages with multiple CAPTCHA protected forms give always "CAPTCHA session reuse attack detected."

for example:
- CAPTCHA on user login block, which is on every page
- CAPTCHA on comment form
- post comment form with correct CAPTCHA
- result: "CAPTCHA session reuse attack detected.", which comes from processing of user login block

CommentFileSizeAuthor
#1 995748-reuse-attack-multiple-forms-01.patch2.49 KBsoxofaan

Comments

soxofaan’s picture

soxofaan commented
Title: Pages with multiple CAPTCHA protected forms give always "CAPTCHA session reuse attack detected." » multiple CAPTCHA protected forms on same page gives "CAPTCHA session reuse attack detected."
Status: Active » Needs review
StatusFileSize
new 995748-reuse-attack-multiple-forms-01.patch2.49 KB

This patch should fix it

Problem is still possible when using multiple forms of the same type (same form ID) on the same page

temizu’s picture

temizu commented

it seems the problem is solved, thanks a lot. good work

soxofaan’s picture

soxofaan commented
Status: Needs review » Patch (to be ported)
Issue tags: +low-hanging fruit

thanks for testing,

committed for Drupal 6: http://drupal.org/cvs?commit=464000

to be ported to Drupal 7

soxofaan’s picture

soxofaan commented
Version: 6.x-2.x-dev » 7.x-1.x-dev

port of this patch fro Drupal7 depends on #810534: Fix CAPTCHA session reuse

soxofaan’s picture

soxofaan commented
Component: Captcha API (captcha) » Tests
Category: bug » task

http://drupal.org/cvs?commit=470426
includes this patch for D7

still to port: tests from #3

soxofaan’s picture

soxofaan commented
Status: Patch (to be ported) » Fixed

ported test is included in http://drupal.org/cvs?commit=470926

Status: Fixed » Closed (fixed)
Issue tags: -low-hanging fruit

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +low-hanging fruit

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.