In CAPTCHA, one starts a session, name it, and keep the verification
code as this:
$_SESSION['ecp_sess'] = $veristr;
When an end-user clicks SUBMIT, the server script will verify the code
as this:
if($_SESSION["ecp_sess"] == $_POST["veri_code"]) ....
Somehow I think this is going to create problem. The verification code
is dynamically generated, but the session name is unchanged. When
there are more than 1 users at a particular time, the earlier user who
clicks SUBMIT will find that the verification code is incorrect.
I am going to test with 2 computers; in the mean time any comments
from experienced people ?
Thanks.