HTTP Session gets very large when RadCaptcha images are added using GUIDs

4 posts, 0 answers
  1. Amir
    Amir avatar
    1 posts
    Member since:
    Jul 2012

    Posted 06 Jul 2012 Link to this post

    We are using Telerik.Wb.UI rev 2010.2.713.20, VB.NET, and IIS 7.

    Following is a "telerik:RadCaptcha" element in one of our web pages:

    <telerik:RadCaptcha ID="RadCaptcha1" ImageStorageLocation="Session"
               runat="server" ErrorMessage="Page not valid. The code you entered is not valid."
               ValidationGroup="vgAudio"
               ValidatedTextBoxID="rcTextBox1"
               Display="None">
               <CaptchaImage
                    EnableCaptchaAudio="true"
                    RenderImageOnly="true"
                    ImageCssClass="rcCaptchaImage"
                    BackgroundColor="#609f0a"
                    TextColor="White"
                    BackgroundNoise="None" />
    </telerik:RadCaptcha>

    We have been noticing that each time the page is refreshed/reloaded, a Captcha Image is added to the Session using a new GUID as the key.  The problem we are running into is that the session object gets very large as crawlers load this page many many time over the life of a single session.  The Session gets so large that we have to run a scheduled task to forcefully abandon the session periodically.

    We have used the "CaptchaMaxTimeout" property to set the timeout to just a couple of minutes and observe that Captcha images do not seem to be removed from the cache (Session) when the timeout period expires.

    How can I prevent/limit caching of Captcha images to avoid this situation?
  2. Pero
    Admin
    Pero avatar
    1156 posts

    Posted 09 Jul 2012 Link to this post

    Hello Amir,

    This indeed is a problem with the RadCaptcha! The bug is logged into our PITS and we will do our best to fix it as soon as possible.

    The CaptchaImage object is cleared on each postback, but not in the case when the page is refreshed. This is because the key for the Session object is stored in the RadCaptcha's control state, which is loaded only on postbacks and not when the page is refreshed. For the time being I recommend using the following code to workaround this issue.

    ASPX
    <telerik:RadCaptcha ID="RadCaptcha1" ImageStorageLocation="Session"
                runat="server" ErrorMessage="Page not valid. The code you entered is not valid."
                ValidationGroup="vgAudio"
                Display="None">
                <CaptchaImage
                    ImageCssClass="rcCaptchaImage"
                    BackgroundColor="#609f0a"
                    TextColor="White"
                    BackgroundNoise="None" />
    </telerik:RadCaptcha>
    <asp:Button ID="Button2" Text="VALIDATE" runat="server" ValidationGroup="vgAudio" />

    using System;
    using System.Web.UI;
     
    public partial class _CaptchaAjax : System.Web.UI.Page
    {
        protected override void Render(HtmlTextWriter writer)
        {
            RemovePrevCaptchaImage();
     
            base.Render(writer);
        }
     
        private void RemovePrevCaptchaImage()
        {
            if (!IsPostBack)
            {
                var id = Session[RadCaptcha1.UniqueID] as string;
                if (!string.IsNullOrEmpty(id))
                {
                    Session.Remove(id);
                }
            }
            Session[RadCaptcha1.UniqueID] = RadCaptcha1.CaptchaImage.UniqueId;
        }
    }


    Greetings,
    Pero
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Simon
    Simon avatar
    2 posts
    Member since:
    Jun 2006

    Posted 29 Nov 2012 Link to this post

    Is this fixed in the Q3 2012 release do you know?

    TIA
  5. Slav
    Admin
    Slav avatar
    1355 posts

    Posted 03 Dec 2012 Link to this post

    Hi Simon,

    This bug has been fixed and the solution is available in the Q3 2012 release of RadControls for ASP.NET AJAX.

    All the best,
    Slav
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
Back to Top