I am in the middle of implementing the google captcha in my
application and wanted to get some clarification on how the server
handles captchas.
I want to make my application’s captcha consistent with the one
located at:
https://www.google.com/accounts/DisplayUnlockCaptcha where
the user is asked to enter an email address, password, and captcha
answer.
When the user supplies a different email address and/or password with
their captcha answer does the server gracefully ignore the captcha
token and captcha answer provided to the service, or does it
invalidate the captcha?
This information could be useful to anyone implementing their own
captchas, so I want to get it in the google group where it is easy to
find.
Greg Robbins over in the Objective-C discussions stated the following:
"I think the server generally will ignore the captcha information if
it is
not needed for the supplied account name and password, but I am not
certain.
The server's behavior may also depend on a variety of abuse-prevention
details that it keeps track of to prevent improper account activity."
I was hoping someone could confirm and/or expand on Greg's response.