Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I noticed after submitting a form protected by Captcha, that my anonymous user suddenly had a session cookie. I tracked it down, and it gets set in captcha_validate(), but it's only needed if the persistence setting is one of the SKIP_ONCE_SUCCESSFUL types. So I created a patch which only sets the $_SESSION variable if that is the persistence setting.
Comment | File | Size | Author |
---|---|---|---|
#2 | captcha.no-needless-sessions-2.patch | 1.21 KB | Grayle |
|
Comments
Comment #2
Grayle CreditAttribution: Grayle as a volunteer and at Dropsolid commentedAdded correct contribution, and clearer comment in the patch
Comment #3
Grayle CreditAttribution: Grayle as a volunteer and at Dropsolid commentedComment #4
Chris Matthews CreditAttribution: Chris Matthews as a volunteer commentedThe patch in #2 to captcha.module applied cleanly to the latest captcha 8.x-1.x-dev, but still needs to be reviewed.
Comment #5
andrey.troeglazov CreditAttribution: andrey.troeglazov at DrupalJedi commentedI will review it in several hours.
Comment #6
jernejbeg CreditAttribution: jernejbeg at Agiledrop - Your Trusted Drupal Teammates commentedThe patch applies and looks good to me. Thanks for the effort!
Comment #7
wundo CreditAttribution: wundo at Chuva Inc. commentedComment #8
wundo CreditAttribution: wundo at Chuva Inc. commentedComment #10
wundo CreditAttribution: wundo at Chuva Inc. for Galoa Science commented