Well, I’ve got to say, Drupal’s captcha module is a huge disappointment. The idea is good but the execution is terrible. It caused serious confusion for the session management mechanism, causing people to be randomly logged out, or even sessions confused between different people. That’s a huge security risk, and just made the site so unusable that I couldn’t keep it on.
The good news is that I upgraded to Drupal 4.6.0 in all of this, and the new spam module looks much nicer than the one in 4.5.x. So maybe this will keep me happy for awhile.
I upgraded to 4.6 and installed the captcha module. I hand edited the comments.module since the patch file was no longer current. That patch file isn’t exactly complicated either… just adding two function calls. Anyways, when the module is turned on, anyone (regardless of permissions/roles) who visits a node ends up getting logged out. Doesn’t matter if I take out the two function calls in the patch or not. If captcha is even on it losses the session information :( And I really really wanted captcha…
Yes, that’s exactly the behavior I was seeing, but not just that, sometimes instead of getting logged out, they’d get someone else’s session. Even worse, IMHO.
This was fixed a long time back afaik.
Well, the story you’re commenting on was written in April ;-)