Commit 4b0360f7 authored by Grayle's avatar Grayle Committed by Fabiano Sant'Ana
Browse files

Issue #2996495 by Grayle, Chris Matthews, andrey.troeglazov, jernejbeg, wundo:...

Issue #2996495 by Grayle, Chris Matthews, andrey.troeglazov, jernejbeg, wundo: Don't create a $_SESSION unless necessary
parent 23a68064
......@@ -498,8 +498,22 @@ function captcha_validate($element, FormStateInterface &$form_state) {
// we also provide the CAPTCHA $element and $form_state
// arrays for more advanced use cases.
if ($captcha_validate($solution, $captcha_response, $element, $form_state)) {
// Correct answer.
$_SESSION['captcha_success_form_ids'][$form_id] = $form_id;
// Get the CAPTCHA persistence setting.
$captcha_persistence = \Drupal::config('captcha.settings')
->get('persistence');
if (in_array($captcha_persistence,
[
CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL,
CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_TYPE,
])) {
// Only save the success in $_SESSION if it is actually needed for
// further validation in _captcha_required_for_user(). Setting
// this kills the page cache so let's not be cavalier about it.
$_SESSION['captcha_success_form_ids'][$form_id] = $form_id;
}
// Record success.
\Drupal::database()->update('captcha_sessions')
->condition('csid', $csid)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment