Working With Sessions and Captcha

Question

I am unable to get my sessions captcha to work for some reason.

This is what I currently am trying.

$_SESSION['n1'] = rand(1,20);
$_SESSION['n2'] = rand(1,20);
$_SESSION['expect'] = $_SESSION['n1']+$_SESSION['n2'];

This is what I have in my form

<form action="" method="post">
    <?=$_SESSION['n1']?> + <?=$_SESSION['n2']?> =
    <input name="captcha" type="text" class="text" />
<input name="submit" type="submit" /> 

For some reason it is always returning as the captcha being incorrect.

if($_SESSION['expect'] != $_POST['captcha']) {
   $err[] = 'The captcha answer is incorrect.';
}

Answer 1

use that order:

if($_SESSION['expect'] != $_POST['captcha']) {
  $err[] = 'The captcha answer is incorrect.';
}

...

$n1 = rand(1,20);
$n2 = rand(1,20);
$_SESSION['expect'] = $n1 + $n2;

that way values will not be overwritten

Answer 2

The session is being started, either by session_start() or by session.auto-start-directive?

And are you sure the session id is being passed?

Answer 3

Are those sessions being created on the same page the form is posting to? Maybe $_SESSION['expect'] is being overwritten with a new value. In that case, it wouldn't equal $_POST['captcha'].