Problem/Motivation

Essentially the same issue as https://www.drupal.org/project/recaptcha_v3/issues/3135885

The CAPTCHA session is cached when using front-end caching such as Varnish, causing the validation error:
CAPTCHA validation error: unknown CAPTCHA session ID. Contact the site administrator if this problem persists.

Proposed workaround

Add a config option to disable caching, similar to https://www.drupal.org/files/issues/2020-05-16/3135885-3.patch

Files
#3: 3170140-3.patch (5.16 KB) by techwolf12

Comments

r.spring created an issue. See original summary.

Comment by techwolf12

Same issue here with cacheable on TRUE. Setting it to FALSE gives the following error logs:

CAPTCHA session reuse attack detected on user_login_form
Posted CAPTCHA token: '<TOKEN OMITTED>'
Expected captcha token: false

With the same token on every form submit.
Seems the token is cached as well. I'm trying to create a patch for it!

Comment by techwolf12

Assigned: Unassigned » techwolf12
Attached file: 3170140-3.patch (new, 5.16 KB)

In https://www.drupal.org/files/issues/2018-03-20/2893656-8.patch they call the page_cache_kill_switch so you don't get a CAPTCHA reuse attack. Not sure if this is the right approach but it seems to work for now. At least the cacheable option is still there if people want to use it / get it working.

I've made a patch and attached it for both caching issues, works for me currently.
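
As an added example of the kill-switch approach techwolf12 describes above (this is not the attached patch, which is not reproduced on this page, and not code from the captcha or recaptcha_v3 modules): a hypothetical hook_form_alter() in a module assumed to be called mymodule. The module name, the list of protected form IDs, the helper name and the check for a 'captcha' element are assumptions.

```php
<?php

/**
 * @file
 * Hypothetical mymodule.module illustrating the page_cache_kill_switch
 * approach mentioned in the thread. Added example, not the attached patch;
 * module name, form IDs and helper name are assumptions.
 */

use Drupal\Core\Form\FormStateInterface;

/**
 * Implements hook_form_alter().
 */
function mymodule_form_alter(array &$form, FormStateInterface $form_state, $form_id) {
  if (!mymodule_form_carries_captcha($form, $form_id)) {
    return;
  }

  // Tell the page cache response policy not to store this response. With the
  // response marked uncacheable, every visitor gets a fresh CAPTCHA session ID
  // and token instead of the one baked into a cached copy of the page.
  \Drupal::service('page_cache_kill_switch')->trigger();

  // Also mark the form render array itself uncacheable so the render cache
  // and the dynamic page cache do not keep a copy carrying the token.
  $form['#cache']['max-age'] = 0;
}

/**
 * Decides whether a form carries a CAPTCHA element (assumed heuristic).
 */
function mymodule_form_carries_captcha(array $form, $form_id) {
  // Form IDs the site operator wants treated as uncacheable; assumed list.
  $protected = ['user_login_form', 'user_pass', 'user_register_form'];
  if (in_array($form_id, $protected, TRUE)) {
    return TRUE;
  }
  // The captcha module attaches its widget as a 'captcha' form element.
  return isset($form['captcha']);
}
```

The kill switch only affects the response being built; copies already stored in Varnish or another reverse proxy stay there until purged, so clear the external cache after deploying a change like this. As greggles notes further down the thread, the underlying bug was later fixed in the captcha module itself, so this kind of workaround only matters on releases that predate that fix.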

Comment by techwolf12

Status: Active » Needs review
Comment by greggles

Issue summary: updated

I believe the patch here is more of a workaround in the underlying captcha module. It would be good if folks using captcha could try the fix in #3035883: CAPTCHA validation error: unknown CAPTCHA session ID and, if it fixes the bug, add comments to that issue about it working for you.

Comment by greggles

Category: Bug report » Support request
Status: Needs review » Fixed

There's now https://www.drupal.org/project/captcha/releases/8.x-1.2 which includes a fix for this so it no longer makes sense for modules to work around this problem. Since the bug was in captcha I'm reclassifying this as a support request and marking it fixed since nothing more needs to be done in this module.

I wonder, @techwolf if you'd consider becoming a module co-maintainer? The first step of that process is to open an issue in the queue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.