Edit report at https://bugs.php.net/bug.php?id=66653&edit=1
ID: 66653 Comment by: ddpm at liscovius dot de Reported by: chealer at gmail dot com Summary: "Incorrect CAPTCHA" trying to file or comment a bug report Status: Assigned Type: Bug Package: Website problem PHP Version: Irrelevant Assigned To: peehaa Block user comment: N Private report: N New Comment: You can also watch the entries of the currently existing user sessions server side when stored in file system: On Debian 10 the default location seems to be: /var/lib/php/sessions Previous Comments: ------------------------------------------------------------------------ [2021-09-18 22:10:48] ddpm at liscovius dot de There are 2 potential reasons: 1. Session is timed out server side before user submits the form. Either by normal PHP session cleanup logic or server based cron job cleaner (Debian's sessionclean you naughty boy!, see /etc/cron.d/php ) This is a thing the maintainer of the web server has to take care. 2. The $_SESSION must be able to handle multiple browser tabs: Instead $_SESSION['answer'] use $_SESSION['form'][$formtoken]['captcha'] or $_SESSION['report'][$formtoken]['captcha'] $formtoken can either be random generated for each form loaded (session file storage grows with each page load) or be reused until the captcha was solved for the $formtoken. ( The forms could contain the formtoken as <input type="hidden" name="formtoken" value="<?= $formtoken ?>"/> Or the captcha only needs to be solved once for a user session and all following form submits do not need solve annoying captchas. ------------------------------------------------------------------------ [2021-07-11 14:51:52] c...@php.net No, the issue has not been fixed. petk's analysis[1] is spot on. [1] <https://bugs.php.net/bug.php?id=66653#1545852651> ------------------------------------------------------------------------ [2021-07-11 14:13:59] chealer at gmail dot com I am under the impression that this has been fixed. ------------------------------------------------------------------------ [2020-01-03 07:57:05] c...@php.net Related To: Bug #79057 ------------------------------------------------------------------------ [2019-06-01 23:54:08] chealer at gmail dot com Thank you petk. Your description brings me as many questions as it answers though. I suggest you explain your decision on your blog, or post an explanation to a PHP mailing list. Thank you peehaa ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=66653 -- Edit this bug report at https://bugs.php.net/bug.php?id=66653&edit=1 -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php