--- captcha.module	2012-05-24 01:08:15.000000000 +0530
+++ captcha_bak.module	2012-05-24 00:46:29.000000000 +0530
@@ -221,11 +221,20 @@
   );
 
   // Additional one time CAPTCHA token: store in database and send with form.
-  $captcha_token = md5(mt_rand());
-  db_update('captcha_sessions')
-    ->fields(array('token' => $captcha_token))
-    ->condition('csid', $captcha_sid)
-    ->execute();
+  $captcha_token = db_select('captcha_sessions', 'c')
+                    ->fields('c', array('token'))
+                    ->condition('csid', $captcha_sid)
+                    ->execute()
+                    ->fetchAssoc();
+  $captcha_token = $captcha_token['token'];
+  if (!isset($captcha_token) && !$form_state['submitted']) {
+    // Additional one time CAPTCHA token: store in database and send with form.
+    $captcha_token = md5(mt_rand());
+    db_update('captcha_sessions')
+      ->fields(array('token' => $captcha_token))
+      ->condition('csid', $captcha_sid)
+      ->execute();
+  }
   $element['captcha_token'] = array(
     '#type' => 'hidden',
     '#value' => $captcha_token,
@@ -351,6 +360,9 @@
         // Get placement in form and insert in form.
         $captcha_placement = _captcha_get_captcha_placement($form_id, $form);
         _captcha_insert_captcha_element($form, $captcha_placement, $captcha_element);
+        
+        // Add #submit functions to invalidate captcha
+        $form['#submit'][] = 'captcha_submit_invalidate_session';
 
       }
     }
@@ -535,10 +547,6 @@
           // Invalidate the CAPTCHA session.
           $posted_captcha_sid = NULL;
         }
-        // Invalidate CAPTCHA token to avoid reuse.
-        db_update('captcha_sessions')
-          ->fields(array('token' => NULL))
-          ->condition('csid', $posted_captcha_sid);
       }
     }
     else {
@@ -730,3 +738,17 @@
   // new hook_captcha_placement_map hooks can be triggered.
   variable_del('captcha_placement_map_cache');
 }
+
+ /**
+ * Invalidate CAPTCHA token to avoid reuse.
+ * @param unknown_type $form
+ * @param unknown_type $form_state
+ */
+function captcha_submit_invalidate_session($form, $form_state) {
+  if (isset($form_state['captcha_info']['captcha_sid'])) {
+    db_update('captcha_sessions')
+      ->fields(array('token' => NULL))
+      ->condition('csid', $form_state['captcha_info']['captcha_sid'])
+      ->execute();
+  }
+}