If the account creation form has an image field, the site will display "CAPTCHA session reuse attack detected." when the account is created.
Steps to reproduce:
- Install and configure captcha and recaptcha, including API keys
- Add recaptcha to the registration page (form id: user_register_form)
- At admin/config/people/accounts, uncheck "Enable user pictures." in the Personalization section
- At admin/config/people/accounts/fields, add an image field to the account creation form
- As an anonymous user, fill out all fields at user/register and upload an image
- Do the recaptcha test and click "Create new account"
The error message will be displayed to the user, either on the homepage or on the user page, depending on whether email verification is turned on at admin/config/people/accounts.
I realize that it's triggering this because the image upload widget reloads the page after the upload is complete. An easy "fix" is to not use recaptcha at all on the registration form and just require email verification. But can anything else be done that will still allow the recaptcha to be used on the registration form? That would be for situations where the site owner wants people to be able to log in right away.
Comments
Comment #2
hass CreditAttribution: hass commentedMaybe this is #2493183: Ajax support / Use behaviors?
Comment #3
hass CreditAttribution: hass commentedComment #4
issa.haddadin CreditAttribution: issa.haddadin as a volunteer commentedHello,
I'm reopening this as i have exactly the same issue, the user will get the same error if he uploaded an image withing the form.
Thank you.
Comment #5
issa.haddadin CreditAttribution: issa.haddadin as a volunteer commentedActually updating Captcha module to 7.x-1.x-dev solved my problem.