Reduce captcha calls by remembering successful captcha users
Question
I'm looking for a solution to reduce the number of captcha calls I need to make.
I have a website that allows free usage for one app with a text box and button. Users might use it 10 times, and thus I call captcha 10 times. However, this adds up to a ridiculous expense I can't continue to afford. I need a solution to track successful captcha so a user receives only one captcha if successful.
My Thought:
- On successful captcha
- store real user identifier in redis (Hash out IP, User Agent, and WebRTC (not fully aware of what this is, but I was recommended to use this))
- Future calls check if user is valid by checking their hashed identifier (TTL of 90 days)
Any other recommendations or suggestions? Any potential problems?
PS: info about WebRTC in this use case would be helpful as well
1 answers
solution1
0 ACCPTED 2021-05-21 23:07:57
I decided to use a hash of the IP and User-Agent considering everything I would take from the client can be spoofed (even the User-Agent can be). To combat the spoofing, I added ip rate limiting.
Now before making API calls from the client, I make a call to verify that the user is a verified user (I consider a validated captcha a non-robot verification for 24 hours. I'll mess with increasing this over time).
This should effectively reduce my captcha calls by 60%.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.