References
- JCaptcha Home
http://jcaptcha.sourceforge.net/ - jcaptcha 5 minutes application integration tutorial http://forge.octo.com/jcaptcha/confluence/display/general/5+minutes+application+integration+tutorial
When the browser's Cookies is disabled, the CaptchaServiceException always occures and validation is always failed. When the browser's cookie function is changed to be enabled, Capthca validation works fine without erroring out.
(When the browser's Cookies is disabled, I access url of the custom signup form with the session id manually like this "http://localhost/signup/;jsessionid=XXXXXXXXXX?app_name=test".)
My source code of Image Captcha Servlet and Captcha Service is based on the application integration tutorial(refer to the JCaptcha homepage http://forge.octo.com/jcaptcha/confluence/display/general/5+minutes+application+integration+tutorial), but it doesn't work when the browser's cookie function is disabled.
Error Detail
Exception occures as follows when validation is failed.
com.octo.captcha.service.CaptchaServiceException: Invalid ID, could not validate unexisting or already validated captcha
This exception is written in com.octo.captcha.service.AbstractCaptchaService. validateResponseForID method and this error is raised when checking and validating the captcha response.
Cause
JCaptcha use the session id as a key to store the value of captcha into the Map Object(when using DefaultManageableImageCaptchaService()). When accessing the Image Captcha Servlet to get captcha image, System can't get session id properly in case of disabling the browser cookie.
Solution
When accessing the Image Captcha Servlet to get captcha, image tag is always as follows.
<img id="captchaImage" src="/jcaptcha" border="1" />
But it should be changed as follows.
<img id="captchaImage" src="/jcaptcha;jsessionid=XXXXXXXXXX" border="1" />
The image tag is should be with the value of session id manually if the browser's cookie is disabled. the value of "XXXXXXXXXX" replaces with the client's session id.
0 件のコメント:
コメントを投稿