Issue #2996495 by Grayle, Chris Matthews, andrey.troeglazov, jernejbeg, wundo:...

Issue #2996495 by Grayle, Chris Matthews, andrey.troeglazov, jernejbeg, wundo: Don't create a $_SESSION unless necessary

Issue #2996495 by Grayle, Chris Matthews, andrey.troeglazov, jernejbeg, wundo:...
Issue #2996495 by Grayle, Chris Matthews, andrey.troeglazov, jernejbeg, wundo: Don't create a $_SESSION unless necessary
4b0360f7 · Grayle · Fabiano Sant'Ana · 23a68064 · 4b0360f7
Commit 4b0360f7 authored Feb 20, 2020 by Grayle Committed by Fabiano Sant'Ana Feb 20, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 2 deletions

captcha.module captcha.module +16 -2

No files found.
--- a/captcha.module
+++ b/captcha.module
@@ -498,8 +498,22 @@ function captcha_validate($element, FormStateInterface &$form_state) {
    // we also provide the CAPTCHA $element and $form_state
    // arrays for more advanced use cases.
    if ($captcha_validate($solution, $captcha_response, $element, $form_state)) {
-      // Correct answer.
-      $_SESSION['captcha_success_form_ids'][$form_id] = $form_id;
+
+      // Get the CAPTCHA persistence setting.
+      $captcha_persistence = \Drupal::config('captcha.settings')
+        ->get('persistence');
+
+      if (in_array($captcha_persistence,
+        [
+          CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL,
+          CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_TYPE,
+        ])) {
+        // Only save the success in $_SESSION if it is actually needed for
+        // further validation in _captcha_required_for_user(). Setting
+        // this kills the page cache so let's not be cavalier about it.
+        $_SESSION['captcha_success_form_ids'][$form_id] = $form_id;
+      }
+
      // Record success.
      \Drupal::database()->update('captcha_sessions')
        ->condition('csid', $csid)