This is a migrated thread and some comments may be shown as answers.

HTTP Session gets very large when RadCaptcha images are added using GUIDs

3 Answers 101 Views
Captcha
This is a migrated thread and some comments may be shown as answers.
Amir
Top achievements
Rank 1
Amir asked on 06 Jul 2012, 08:00 PM
We are using Telerik.Wb.UI rev 2010.2.713.20, VB.NET, and IIS 7.

Following is a "telerik:RadCaptcha" element in one of our web pages:

<telerik:RadCaptcha ID="RadCaptcha1" ImageStorageLocation="Session"
           runat="server" ErrorMessage="Page not valid. The code you entered is not valid."
           ValidationGroup="vgAudio"
           ValidatedTextBoxID="rcTextBox1"
           Display="None">
           <CaptchaImage
                EnableCaptchaAudio="true"
                RenderImageOnly="true"
                ImageCssClass="rcCaptchaImage"
                BackgroundColor="#609f0a"
                TextColor="White"
                BackgroundNoise="None" />
</telerik:RadCaptcha>

We have been noticing that each time the page is refreshed/reloaded, a Captcha Image is added to the Session using a new GUID as the key.  The problem we are running into is that the session object gets very large as crawlers load this page many many time over the life of a single session.  The Session gets so large that we have to run a scheduled task to forcefully abandon the session periodically.

We have used the "CaptchaMaxTimeout" property to set the timeout to just a couple of minutes and observe that Captcha images do not seem to be removed from the cache (Session) when the timeout period expires.

How can I prevent/limit caching of Captcha images to avoid this situation?

3 Answers, 1 is accepted

Sort by
0
Pero
Telerik team
answered on 09 Jul 2012, 02:31 PM
Hello Amir,

This indeed is a problem with the RadCaptcha! The bug is logged into our PITS and we will do our best to fix it as soon as possible.

The CaptchaImage object is cleared on each postback, but not in the case when the page is refreshed. This is because the key for the Session object is stored in the RadCaptcha's control state, which is loaded only on postbacks and not when the page is refreshed. For the time being I recommend using the following code to workaround this issue.

ASPX
<telerik:RadCaptcha ID="RadCaptcha1" ImageStorageLocation="Session"
            runat="server" ErrorMessage="Page not valid. The code you entered is not valid."
            ValidationGroup="vgAudio"
            Display="None">
            <CaptchaImage
                ImageCssClass="rcCaptchaImage"
                BackgroundColor="#609f0a"
                TextColor="White"
                BackgroundNoise="None" />
</telerik:RadCaptcha>
<asp:Button ID="Button2" Text="VALIDATE" runat="server" ValidationGroup="vgAudio" />

using System;
using System.Web.UI;
 
public partial class _CaptchaAjax : System.Web.UI.Page
{
    protected override void Render(HtmlTextWriter writer)
    {
        RemovePrevCaptchaImage();
 
        base.Render(writer);
    }
 
    private void RemovePrevCaptchaImage()
    {
        if (!IsPostBack)
        {
            var id = Session[RadCaptcha1.UniqueID] as string;
            if (!string.IsNullOrEmpty(id))
            {
                Session.Remove(id);
            }
        }
        Session[RadCaptcha1.UniqueID] = RadCaptcha1.CaptchaImage.UniqueId;
    }
}


Greetings,
Pero
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
Simon
Top achievements
Rank 1
answered on 29 Nov 2012, 09:05 PM
Is this fixed in the Q3 2012 release do you know?

TIA
0
Slav
Telerik team
answered on 03 Dec 2012, 05:48 PM
Hi Simon,

This bug has been fixed and the solution is available in the Q3 2012 release of RadControls for ASP.NET AJAX.

All the best,
Slav
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
Tags
Captcha
Asked by
Amir
Top achievements
Rank 1
Answers by
Pero
Telerik team
Simon
Top achievements
Rank 1
Slav
Telerik team
Share this question
or