Captcha

This is for collecting information on how captchas work and how to implement them.

use case: generate captcha

main success scenario

1. The system retrieves a captcha code and an associated image.
2. The system calculates a hash from the code and a know secret.
3. The system generates a session id.
4. The system creates a session with the session id and stores the hash there.
5. The system and stores it in a cookie.
6. The system sends the image and the cookie to the user.

use case: perform captcha verification

main success scenario

1. The system generates and presents an image and an according input field to the user.
2. The user tries to read the text in the image in writes it into the input field.
3. The user sends the form.
4. The system reads the sent text.
5. The system checks if the hash of the text and a known hash of the image match.
6. The system performs the intended action.

extensions

5a. The two hashes do not match.

5a1. The system goes back to step 1.

use case: match text to image

main success scenario

1. The system calculates a hash from the sent text and a known secret.
2. The system reads the session id from the users cookie.
3. The system retrieves the the hash from the user's session user the session id.
4. The system compares the hash from the session and the calculated hash from the user input.

extensions

3a. The system can not read the session id from the users cookie.

3a1. The system jumps to use case "perform captcha verification", step 1.