Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Captcha can be programmatically reused by passing session id #9330
If you use a captcha protected resource like the sendEmailServlet you can pass the same captcha again and again via curl if you use the session id cookie of the original request.
Once the captcha has been checked and validated, we need to remove it from the user's session programmatically.
The main problem here is that captcha information will be stored in session even after get/validate the value.
Steps to Reproduce: