Fix captcha part 2: don't store captcha answer in session cookie

2025-12-13 23:09:01 +00:00 · 2019-02-03 09:01:21 -05:00
parent e8965497d4
commit 204b82b71f
4 changed files with 10 additions and 2 deletions
--- a/api.py
+++ b/api.py
@@ -1,6 +1,7 @@
 import json
 import os
 from threading import Lock
+from uuid import uuid4

 from flask import request, abort, Response, send_file, session

@@ -254,7 +255,9 @@ def setup_api(app):
    @app.route("/cap", methods=["GET"])
    def cap():
        word = captcha.make_captcha()
-        session["cap"] = word
+        cap_id = uuid4()
+        session["cap"] = cap_id
+        oddb.sessionStore[cap_id] = word

        return send_file(captcha.get_path(word), cache_timeout=0)