Getting a "CAPTCHA session reuse attack detected" error.

Created on 10 July 2017, over 7 years ago
Updated 16 March 2023, almost 2 years ago

Users who are attempting to register on our website are getting a "CAPTCHA session reuse attack detected" error when submitting our registration form.

We have confirmed in our test environments that the captcha form is cached (same sid, same token) when the form is rendered AND we have reCaptcha set as the captcha_point which seems to be causing this issue. However, we can't find exactly how or where this form is being cached. We can confirm that when we turn on the math captcha instead the caching issue does not happen.

We've done some cursory code exploration and see that the captcha module does some cache breaking stuff when generating the captcha that the reCaptcha module doesn't do, is that the problem? Anyone seen this before?

🐛 Bug report
Status

Closed: duplicate

Version

2.0

Component

General

Created by

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024