reCaptcha is not validated on user registration form when standard caching is enabled

Duplicating issue https://www.drupal.org/project/recaptcha/issues/2934003 here as I suspect this is related to captcha module.

When reCaptcha is enabled on the user registration form with standard page caching enabled, only the first “wrong” submission is rejected. Subsequent submissions that fail to check off the “I’m not a robot” button will still be accepted until the Drupal cache is rebuilt (drush cr).

I was able to reproduce using a fresh D8 install on https://simplytest.me/

I only tested the user registration form and reCaptcha so unsure if this specific to reCaptcha, or the Captcha module in general and other forms.

Steps to reproduce.

1. Install a fresh copy of Drupal with the standard profile.
2. Install the reCaptcha and Captcha modules.
3. Set the reCaptcha keys at admin/config/people/captcha/recaptcha
4. Set reCaptcha as the default challenge at admin/config/people/captcha
5. Enable reCaptcha for the user registration form. I did this by exporting the Captcha Point user_register_form config at admin/config/development/configuration/single/export, manually modifying the yaml, setting the status to “true” then re-importing at admin/config/development/configuration/single/import
6. In an incognito browser window go to user/register.
7. Fill out the form. Do not check “I’m not a robot” but click “Create new account”. The form should display the error as expected.
8. Check the “I’m not a robot” button and resubmit. Form should be accepted as expected.
9. Close and re-open incognito window or clear all cookies.
10. Go to user/register.
11. Fill out form and do not check “I’m not a robot” but click “Create new account”. Form will be accepted instead of displaying an error.