0

I'm having a captcha image generated from a page captcha.aspx. It stores the "result" in a Session variable Session.Add("randomString", result);. In my web form I am using a CompareValidator to compare the value entered by the user with the session value. The image displays correctly, however, on page load the Session variable seems to be null. What may be the problem?

Captcha.aspx.cs

//Removed the preceding code since it just adds the string
//This is to add the string to session cookie, to be compared later
Session.Add("randomStr", result);
//Write out the text
objGraphics.DrawString(expression, objFont, Brushes.White, 3, 3);
//Set the content type and return the image
Response.ContentType = "image/GIF";
objBMP.Save(Response.OutputStream, ImageFormat.Gif);
objFont.Dispose();
objGraphics.Dispose();
objBMP.Dispose();

Registration.aspx.cs

string captcha = Session["randomStr"] as String;
captchaC.ValueToCompare = captcha;

Registration.aspx

<asp:CompareValidator ID="captchaC" runat="server" ControlToValidate="txtCaptcha"
ErrorMessage="Invalid captcha" Display="None" Type="String"></asp:CompareValidator>
chris05
  • 735
  • 4
  • 13
  • 27
  • Is `captcha.aspx` embedded on `registration.aspx`? Are you certain that the code setting the session variable is being executed before the code that reads it? – mellamokb Mar 24 '12 at 21:43
  • Are you sure variable `result` from the `Captcha.aspx.cs` is of type `string`? – Oleks Mar 24 '12 at 21:47
  • I recommend that do not using `CompareValidator` for this purpose. because your capcha value can be easily hackable. check capcha value in server side – Arian Mar 25 '12 at 04:27
  • @mellamokb I'm using `captcha.aspx` as the image url in an `Image` – chris05 Mar 25 '12 at 06:00
  • @Alex (While debugging) The `result` variable is receiving the correct captcha value. – chris05 Mar 25 '12 at 06:02
  • @Kerezo I wanted to use the `CompareValidator` validator since I was already using similar ASP.NET validators in the page, I found this validator easy to use and wanted to give the user instant response. Should I make use of `CustomValidator` or? – chris05 Mar 25 '12 at 06:05
  • if you set capcha value to `CompareValidator`,you can see it easily in view source and any bodey else can. – Arian Mar 25 '12 at 06:23

0 Answers0