Index: captcha.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/captcha/captcha.module,v
retrieving revision 1.103.2.13
diff -u -b -u -p -r1.103.2.13 captcha.module
--- captcha.module	1 Dec 2010 00:14:59 -0000	1.103.2.13
+++ captcha.module	12 Dec 2010 00:11:53 -0000
@@ -189,7 +189,7 @@ function captcha_process($element, $edit
   // Get the CAPTCHA session ID.
   // If there is a submitted form: try to retrieve and reuse the
   // CAPTCHA session ID from the posted data.
-  list($posted_form_id, $posted_captcha_sid) = _captcha_get_posted_captcha_info($element, $form_state);
+  list($posted_form_id, $posted_captcha_sid) = _captcha_get_posted_captcha_info($element, $form_state, $this_form_id);
   if ($this_form_id == $posted_form_id && isset($posted_captcha_sid)) {
     $captcha_sid = $posted_captcha_sid;
   }
@@ -458,11 +458,13 @@ function captcha_validate_case_insensiti
  *
  * @param $element the CAPTCHA element.
  * @param $form_state the form state structure to extract the info from.
+ * @param $this_form_id the form ID of the form we are currently processing
+ *     (which is not necessarily the form that was posted).
  *
  * @return an array with $posted_form_id and $post_captcha_sid (with NULL values
  *     if the values could not be found, e.g. for a fresh form).
  */
-function _captcha_get_posted_captcha_info($element, $form_state) {
+function _captcha_get_posted_captcha_info($element, $form_state, $this_form_id) {
   if (isset($form_state['captcha_info'])) {
     // We already determined the posted form ID and CAPTCHA session ID
     // for this form, so we reuse this info
@@ -498,6 +500,7 @@ function _captcha_get_posted_captcha_inf
       preg_replace("/[^a-zA-Z0-9]/", "", (string) $post_data['captcha_token'])
       : NULL;
 
+    if ($posted_form_id == $this_form_id) {
     // Check if the posted CAPTCHA token is valid for the posted CAPTCHA
     // session ID. Note that we could just check the validity of the CAPTCHA
     // token and extract the CAPTCHA session ID from that (without looking at
@@ -516,6 +519,12 @@ function _captcha_get_posted_captcha_inf
       db_query("UPDATE {captcha_sessions} SET token=NULL WHERE csid=%d", $posted_captcha_sid);
     }
   }
+    else {
+      // The CAPTCHA session ID is specific to the posted form.
+      // Return NULL, so a new session will be generated for this other form.
+      $posted_captcha_sid = NULL;
+    }
+  }
   return array($posted_form_id, $posted_captcha_sid);
 }