Simple Captcha: Session ID as identifier?
#1

[eluser]erik.brannstrom[/eluser]
Hi!

I built a captcha library which randomly generates a simple mathematical question that the user is required to answer correctly to submit the form. When the user loads the controller, a new captcha is generated and the answer is stored in a database table along with the session ID which is the identifier used to fetch the correct answer once the user has pressed submit.

So my question is, is the session ID a smart way to associate a user with an answer, seeing as (if I understand it correctly) the session ID is changed every five minutes or so?

Best regards,
Erik Brännström
#2

[eluser]Rick Jolly[/eluser]
I think you answered your own question. Why not just store the answer directly in the session? Alternatively, just store the numbers in hidden fields to avoid using the session.
#3

[eluser]Unknown[/eluser]
Use reCAPTCHA.net

It's free, it's awesome, it's high tech... and you're helping to digitize books!
#4

[eluser]erik.brannstrom[/eluser]
It is interesting that the easiest solution seldom is the one that springs to mind :)

Just one follow up question. The captcha is plain text and can easily be answered by a fairly simple automated process, which isn't really a problem for my part. I'm just wondering if the CI Sessions are stored in cookies and if this information is easily accessible for such bots? I'm simply wondering for possible future security reasons.

Thanks for your answer!
#5

[eluser]erik.brannstrom[/eluser]
[quote author="mdgross" date="1216250105"]Use reCAPTCHA.net

It's free, it's awesome, it's high tech... and you're helping to digitize books![/quote]

I did actually, however I found that it was a bit too high tech for my needs :)

The site I'm working on is in Swedish, which is not supported by default with reCaptcha and I didn't feel up to the task of fixing that myself. This solution also loads faster and will never cause the slightest problem when I finally get around to internationalizing the site.
#6

[eluser]Lone[/eluser]
I think the best way to go would be to use the standard session flashdata feature to store the answer on the page with the form and access it on the submit page. No need to worry about DB calls or session IDs changing.
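Added example, not part of the thread and not CodeIgniter code: a small Python model of the two designs discussed above, showing that an answer keyed by session ID is lost when the ID rotates between page load and submit, while an answer held in the session data survives and can be consumed once. The `Session` class and all function names are hypothetical stand-ins, and the model does not cover where the framework physically stores session data.

```python
import hmac
import secrets

class Session:
    """Hypothetical stand-in for a framework session; not CodeIgniter's class."""
    def __init__(self):
        self.id = secrets.token_hex(16)
        self.data = {}

    def regenerate_id(self):
        # Periodic rotation: the ID changes, the stored data is carried over.
        self.id = secrets.token_hex(16)

def new_question():
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    return f"{a} + {b}", str(a + b)

def matches(expected, submitted):
    # Missing answer fails closed; comparison is constant-time on bytes.
    return expected is not None and hmac.compare_digest(
        expected.encode(), submitted.strip().encode())

def issue_keyed_by_id(table, session):
    question, answer = new_question()
    table[session.id] = answer  # post #1: DB row keyed by the session ID
    return question

def check_keyed_by_id(table, session, submitted):
    return matches(table.pop(session.id, None), submitted)

def issue_in_session(session):
    question, answer = new_question()
    session.data["captcha_answer"] = answer  # posts #2 and #6
    return question

def check_in_session(session, submitted):
    # pop() gives flashdata-like one-time use: a replayed submit finds nothing.
    return matches(session.data.pop("captcha_answer", None), submitted)

def solve(question):
    a, _, b = question.split()  # stands in for the user typing the answer
    return str(int(a) + int(b))

def demo():
    table, s = {}, Session()
    q1, q2 = issue_keyed_by_id(table, s), issue_in_session(s)
    s.regenerate_id()  # ID rotates between page load and submit
    return (check_keyed_by_id(table, s, solve(q1)),
            check_in_session(s, solve(q2)),
            check_in_session(s, solve(q2)))
```

`demo()` returns the results for the ID-keyed lookup after rotation, the session-held answer, and a replay of the same submit, in that order.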



