On Apr 13, 10:02 pm, Alexander Obuhovich <aik.b...@gmail.com> wrote:
> Sure, no need for cookies, since session will switch to get mode in that
> case, but still will exist. Captcha also uses session to store generated
> code, so no change here.
>
> On Tue, Apr 13, 2010 at 9:59 PM, Dmitry Andrejev <dandre...@gmail.com>wrote:
>
>
>
> > This is quite interesting idea!
>
> > I guess, the only down site user needs to have a Cookie enabled, but even
> > then we should be able to pass SID in Get for verification?
>
> > DA.
>
> > On Tue, Apr 13, 2010 at 12:59 PM, Alexander Obuhovich <aik.b...@gmail.com>wrote:
>
> >> Today most popular approach is to place captcha code on form to verify,
> >> that humans (not search engines) are submitting site forms. More dirty
> >> captcha image is, more chances are spider/bot won't be able to recognize it.
> >> On the other hand it makes form submitting uncomfortable for users. Also
> >> captcha is used only on forms, when user is not logged in.
>
> >> Here is approach, that is not using captcha, but still provides same level
> >> of protection:
>
> >> 1. after page with form is loaded, then send ajax request to server
> >> 2. in ajax responce send random name and random value + save both to
> >> session
> >> 3. when ajax responce is received, then dynamically add hidden field
> >> with received name and value
> >> 4. when form is submitted, then check, that submitted value matches
--
To unsubscribe, reply using "remove me" as the subject.