Sign in to follow this  
rainny

[web] CAPTCHA checking in PHP

Recommended Posts

rainny    122
I've been reading a few articles on developing a good CAPTCHA system in PHP. The problem that I find with these methods is that the solution that the user is supposed to type in is stored in the $_SESSION array. for example, here's a small code snipped to check if the what the user typed into the CAPTCHA form is correct:
$user_answer = $_POST['captcha'];
if ( $_SESSION[ 'captcha_answer' ] == $user_answer )
{
  //user is human!
}

My problem is that can't a spam-bot easily look into the session array for the answer? Or am I a bit misguided as to where the session data is stored?

Share this post


Link to post
Share on other sites
rainny    122
Quote:
Original post by UziMonkey
Sessions are stored server-side so no, they can't.


Oh ok. So, do you mind telling me what exactly is stored client-side?
I'm just curious.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this