 

How to solve Google v3 reCaptcha timeout?

We have a PHP form that is several tabs and times out on the reCaptcha. Everything is done in one page and it works perfectly fine IF the form is completed in <3 minutes.

The idea of a solution is to move the form processing and reCaptcha to a secondary page for processing.

The problem is that the form page polls the Google service for reCaptcha and collects a token value to a hidden field.

<input type="hidden" name="recaptcha_response" id="recaptchaResponse">

The problem is how to request this token on the server side processing page? Here is the code used on the client side form page. I need to somehow regenerate the token value to apply as:

$recaptcha_response

Here is the working version on the form page. It's easy to remove the requirement on posting the token from the form page, just not sure how to regenerate the token to use on the server side page.

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['recaptcha_response'])) {

// Build POST request:
$recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
$recaptcha_secret = RECAPTCHA_SECRET_KEY;
$recaptcha_response = $_POST['recaptcha_response'];
$remoteip = $_SERVER['REMOTE_ADDR'];

// Make and decode POST request:
$recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response. '&remoteip='.$remoteip);
$recaptcha = json_decode($recaptcha);

// Take action based on the score returned:
if ($recaptcha->score >= 0.5) {

EDIT TO ADD: Would making the initialization of the reCaptcha wait until Submit delay the timing issue, since this seems to be an option:

https://developers.google.com/recaptcha/docs/v3

"2. Call grecaptcha.execute on an action or when the page loads"

Burndog asked Mar 20 '19 00:03


People also ask

How do I extend reCAPTCHA timeout?

One solution is to change the way you are submitting your form. Move the reCaptcha submission to a secondary server side page if possible. This will create a fresh condition where the interaction with Google is immediate.

Why is reCAPTCHA timing out?

With the use of Recaptcha v3, there seems to be a timeout once the user is on the page for a request to be verified. The returned error to the user is the default “Sender's message failed to send” which doesn't prompt the user to reload, or provide any way to reset the recaptcha check.

How long is reCAPTCHA timeout?

Note: reCAPTCHA tokens expire after two minutes. If you're protecting an action with reCAPTCHA, make sure to call execute when the user takes the action rather than on page load. You can execute reCAPTCHA on as many actions as you want on the same page.

What happens if you fail reCAPTCHA v3?

If the reCaptcha failed, then it is, mostly, a bot. So no actual action is required. So it could be an ignore action - no response action at all.


1 Answer

If you do not wish to change your code too much, then an alternative approach would be to wrap the reCaptcha JavaScript in a named function, set up an interval and poll that function, prompting reCaptcha to add a new token to your form element 10 seconds before each two-minute token expiry:

function getReCaptcha(){
    grecaptcha.ready(function() {
        ...
    });
}

getReCaptcha();  // This is the initial call
setInterval(function(){getReCaptcha();}, 110000);
Mike Poole answered Oct 06 '22 03:10
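
The other option raised on this page, calling execute when the user submits rather than on page load, shown as an added example that is not part of the original question or answer. The site key, the `contact_form` action name, the `makeSubmitHandler` helper and the `document.querySelector('form')` lookup are assumptions; the hidden field id `recaptchaResponse` is the one from the question, and the reCAPTCHA api.js script is assumed to be loaded before this code runs.

```javascript
// Added example: request a fresh reCAPTCHA v3 token at submit time, so the
// token the server verifies is seconds old instead of as old as the page.
// SITE_KEY is a placeholder (assumption), not a real key.
const SITE_KEY = 'YOUR_SITE_KEY';

// Returns a submit handler. `recaptcha` is the global grecaptcha object in a
// browser; it is passed in so the handler can be exercised without a page.
function makeSubmitHandler(recaptcha, form, field, action) {
  let inFlight = false; // ignore repeated clicks while a token is being fetched
  return function onSubmit(event) {
    event.preventDefault(); // hold the submission until the token is in place
    if (inFlight) return Promise.resolve(false);
    inFlight = true;
    return new Promise(function (resolve) {
      recaptcha.ready(function () {
        recaptcha.execute(SITE_KEY, { action: action }).then(function (token) {
          field.value = token; // overwrite any stale value in the hidden field
          form.submit();       // native submit(); does not re-fire the submit event
          resolve(true);
        }, function () {
          inFlight = false;    // allow a retry; nothing is submitted without a token
          resolve(false);
        });
      });
    });
  };
}

// Browser wiring (skipped when there is no DOM, for example under Node).
if (typeof document !== 'undefined' && typeof grecaptcha !== 'undefined') {
  const form = document.querySelector('form'); // assumption: one form on the page
  const field = document.getElementById('recaptchaResponse');
  form.addEventListener('submit',
    makeSubmitHandler(grecaptcha, form, field, 'contact_form'));
}
```

With this in place the existing PHP check can stay on the same page, because `$_POST['recaptcha_response']` now always carries a token generated at submit time.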