Can't check result twice

glennT

Sep 24, 2010, 6:12:05 AM
to reCAPTCHA
Hi,

I'm using jQuery to check each stage of entry in my form with
reCAPTCHA also being checked.
When I get all the way through the form I then want to submit ALL of
the data with post.

The captcha will always fail when checked a second time. Is there any
way at all to call the function twice with the correct inputs and not
fail? If not it seems a very primitive solution in today's asynchronous
web pages.

Using PHP to test, post variables are all correct:-

$resp = recaptcha_check_answer ("myPrivateKey",$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

// $resp gives a VALID result

// If I call it again with same inputs:-
$resp = recaptcha_check_answer ("myPrivateKey",$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

// $resp gives an INVALID result

I don't understand why we can't check the result a second time?

P JH

Sep 24, 2010, 6:21:44 AM
to reca...@googlegroups.com
On Fri, Sep 24, 2010 at 11:12 AM, glennT <gl...@juicypear.com> wrote:
> The captcha will always fail when checked a second time.

By design, to prevent replay attacks.

> Is there any
> way at all to call the function twice with the correct inputs and not
> fail?

Nope.

> If not it seems a very primitive solution in today's asynchronous
> web pages.

The correct solution is to not call it twice to begin with.

For example, on receiving a success/failure on the first time, you should remember that result instead of asking for the result again.

--
PJH


Adrian Godong

Sep 24, 2010, 6:21:38 AM
to reca...@googlegroups.com
No, you can't do validation for the same challenge twice.

I'm not sure about the "why not", but I can guess something like reducing attack surface; by having one challenge one response, attackers can't reuse the same challenge.

For your situation, why don't you save the result? There are only two outcomes: if wrong, get a new one; if correct, hide/disable the reCAPTCHA. There's no gain in being able to check the same challenge/response more than once (compared to the additional connection load).


--
Adrian Godong
adrian...@gmail.com

glennT

Sep 24, 2010, 6:27:42 AM
to reCAPTCHA
Thanks both you guys for the fast response!

Using jQuery for the first check is a nice user experience. I guess
I'll store the "good" result as a PHP session for the main post so I
know it's a "Human" post and not a bot.

Cheers!
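
The approach the thread settles on (verify once in the jQuery step, keep the result in the PHP session, use it for the final POST), as an added example that is not code from any poster or from the reCAPTCHA library. The function names, the session key `captcha_ok`, the 600-second lifetime and the stand-in verifier are assumptions; in a real handler the verifier would wrap `recaptcha_check_answer(...)->is_valid` and the array would be `$_SESSION`.

```php
<?php
// Added example, not code from the thread. Names and the TTL are assumptions.
const CAPTCHA_TTL = 600; // seconds a stored pass stays usable (assumed value)

// Step 1, the jQuery/AJAX check: ask the verifier exactly once and remember
// the outcome in the session instead of asking reCAPTCHA again later.
function captcha_remember(array &$session, callable $verify,
                          string $challenge, string $response, int $now): bool
{
    unset($session['captcha_ok']);          // a new attempt voids any old pass
    if (!$verify($challenge, $response)) {
        return false;                       // caller reloads a fresh challenge
    }
    $session['captcha_ok'] = $now;          // server-side only, never a form field
    return true;
}

// Step 2, the final POST: consume the pass. It is deleted on first use so the
// session flag cannot itself be replayed for unlimited submissions.
function captcha_consume(array &$session, int $now): bool
{
    $passedAt = $session['captcha_ok'] ?? null;
    unset($session['captcha_ok']);
    return is_int($passedAt) && ($now - $passedAt) <= CAPTCHA_TTL;
}

// Constructed stand-in for the one-shot behaviour discussed in the thread:
// each challenge can be checked once, any later check of it fails.
$seen = [];
$verify = function (string $c, string $r) use (&$seen): bool {
    $first = !isset($seen[$c]);
    $seen[$c] = true;
    return $first && $r === 'correct words';
};

$session = [];        // stands in for $_SESSION after session_start()
$t = 1285323125;      // constructed timestamp
$steps = [
    'ajax check'        => captcha_remember($session, $verify, 'chal-1', 'correct words', $t),
    'final post'        => captcha_consume($session, $t + 30),
    'replayed post'     => captcha_consume($session, $t + 31),
    'same answer again' => captcha_remember($session, $verify, 'chal-1', 'correct words', $t + 40),
];
foreach ($steps as $name => $ok) {
    echo str_pad($name, 18), $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```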