Getting a "CAPTCHA session reuse attack detected" error.

Created on 10 July 2017, over 7 years ago

Updated 16 March 2023, over 1 year ago

Users who are attempting to register on our website are getting a "CAPTCHA session reuse attack detected" error when submitting our registration form.

We have confirmed in our test environments that the captcha form is cached (same sid, same token) when the form is rendered AND we have reCaptcha set as the captcha_point which seems to be causing this issue. However, we can't find exactly how or where this form is being cached. We can confirm that when we turn on the math captcha instead the caching issue does not happen.

We've done some cursory code exploration and see that the captcha module does some cache breaking stuff when generating the captcha that the reCaptcha module doesn't do, is that the problem? Anyone seen this before?

🐛 Bug report

Status

Closed: duplicate

Version

2.0

Component

General

Created by

scrumorg

Live updates comments and jobs are added and updated live.

Needs tests
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇧🇷Brazil rafael maito
The issue still happening, but applying the patch #17 resolved the issue.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024