Edit report at https://bugs.php.net/bug.php?id=66653&edit=1
ID: 66653
Comment by: ddpm at liscovius dot de
Reported by: chealer at gmail dot com
Summary: "Incorrect CAPTCHA" trying to file or comment a bug
report
Status: Assigned
Type: Bug
Package: Website problem
PHP Version: Irrelevant
Assigned To: peehaa
Block user comment: N
Private report: N
New Comment:
You can also watch the entries of the currently existing user sessions server
side when stored in file system: On Debian 10 the default location seems to be:
/var/lib/php/sessions
Previous Comments:
------------------------------------------------------------------------
[2021-09-18 22:10:48] ddpm at liscovius dot de
There are 2 potential reasons:
1. Session is timed out server side before user submits the form. Either by
normal PHP session cleanup logic or server based cron job cleaner (Debian's
sessionclean you naughty boy!, see /etc/cron.d/php ) This is a thing the
maintainer of the web server has to take care.
2. The $_SESSION must be able to handle multiple browser tabs:
Instead $_SESSION['answer'] use
$_SESSION['form'][$formtoken]['captcha']
or
$_SESSION['report'][$formtoken]['captcha']
$formtoken can either be random generated for each form loaded (session file
storage grows with each page load)
or be reused until the captcha was solved for the $formtoken. (
The forms could contain the formtoken as
<input type="hidden" name="formtoken" value="<?= $formtoken ?>"/>
Or the captcha only needs to be solved once for a user session and all
following form submits do not need solve annoying captchas.
------------------------------------------------------------------------
[2021-07-11 14:51:52] c...@php.net
No, the issue has not been fixed. petk's analysis[1] is spot on.
[1] <https://bugs.php.net/bug.php?id=66653#1545852651>
------------------------------------------------------------------------
[2021-07-11 14:13:59] chealer at gmail dot com
I am under the impression that this has been fixed.
------------------------------------------------------------------------
[2020-01-03 07:57:05] c...@php.net
Related To: Bug #79057
------------------------------------------------------------------------
[2019-06-01 23:54:08] chealer at gmail dot com
Thank you petk. Your description brings me as many questions as it answers
though. I suggest you explain your decision on your blog, or post an
explanation to a PHP mailing list.
Thank you peehaa
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=66653
--
Edit this bug report at https://bugs.php.net/bug.php?id=66653&edit=1
--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
