The module allows boost caching of Drupal pages with forms with CAPTCHA for long durations without running into the "Session reuse attack detected" error. The module allows forms with CAPTCHA to be cached even after the CAPTCHA session expires by allowing the CAPTCHA to be re-loaded using AJAX when a user starts filling in the form.

This is specificually useful when forms are loaded in blocks and the pages where these blocks are loaded are cached for longer than a day. In such cases the CAPTCHA session would expire after a day while the cached form will remain in the cached page. When an anonymous user submits the form later he will run into the "CAPTCHA session reuse attack detected" preventing form submission.

The module thus allows pages with blocks with forms with CAPTCHA to be cached allowing for better performance for anonymous users. A new captcha would only be loaded when a user actually tries submitting the form

How this works

Usually when a captcha is loaded in a form, captcha module will turn off page caching for the page. However when a form is loaded in a block in a page, page caching will only be turned off in the first page where the block was originally loaded and that too only for the first time when the page is generated. The second time the page is generated the block will only be loaded from cache (as HTML) and the code that turns off page caching from the captcha module will not be invoked.

The usually workaround is to disable block caching or page caching or set up short duration caching of pages when forms with captcha is to be shown in blocks. All of these options come at a performance cost.

The module works around this problem by allowing the captcha form element to be reloaded using AJAX so that pages with forms with captcha can be statically cached for very long periods of time without compromising on protection from spam or performance of the site. The captcha is only reloaded when a person actually starts typing into the form (or rather when the person clicks on the form). So for most anonymous users who do not click on the form there is no additional overhead with the reloading of the captcha.

Project Information