Ajax CAPTCHA validation

Is it reasonable (or secure) to validate CAPTCHA via Ajax? I want to place a sign-up form without any page reload. Is it secure? (I am using the Validation[1] and Form plugins)

[1] http://bassistance.de/jquery-plugins/jquery-plugin-validation/


You cannot rely on JavaScript to secure anything. You can use it as a first-pass, but you still need to do the captcha validation on the server (as it appears you are planning to do). For example, see: http://www.howtocreate.co.uk/tutorials/javascript/security

My concern with a full AJAX solution (no page reloads) is that it will likely be possible for a user to bypass the return value from the POST-back and continue going even if the captcha is invalid. But you can keep track of any captcha failure in a server session and double-check the result at the end of your sign up form, since eventually everything will be done server-side. If the captcha was never valid, then you would have to deny the signup regardless of any other data that you have received from that client.


A reasonable way to implement this is as follows:

1) When the form page is requested, generate a session-specific server-side key.

2) When the user presses "Submit", use an AJAX call to send the user-entered captcha text to the server.

3) Server checks the user-submitted value. If it is equal to the text in the captcha, return the server-side key generated in step 1.

4) Browser now has the server-side key. Upon form submit, check that the server-side key specified by the browser matches the server-side key generated in step 1. If so, the user must have passed the captcha, so process the request.
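The server side of the four steps above, as an added example that is not part of the original answer. It assumes a plain dict stands in for the framework's server-side session store, and the function names and captcha text are hypothetical; it also makes the captcha single-attempt and the key one-time so that neither can be replayed.

```python
import hmac
import secrets

# `session` is a plain dict standing in for the server-side session (assumption).

def start_form(session, captcha_text):
    """Step 1: on page request, store the expected captcha text and a fresh key."""
    session["captcha_expected"] = captcha_text
    session["signup_key"] = secrets.token_urlsafe(32)
    session["captcha_passed"] = False

def check_captcha(session, user_text):
    """Steps 2-3: AJAX endpoint. Returns the key on success, None otherwise."""
    expected = session.pop("captcha_expected", None)  # one attempt per captcha
    if expected is None or not hmac.compare_digest(
            expected.encode(), user_text.encode()):
        return None  # a new captcha must be issued before any retry
    session["captcha_passed"] = True
    return session["signup_key"]

def submit_signup(session, submitted_key, form_data):
    """Step 4: final submit, decided only from server-side state."""
    key = session.pop("signup_key", None)          # one-time: no replay
    passed = session.pop("captcha_passed", False)
    if not passed or key is None or not isinstance(submitted_key, str):
        return False
    if not hmac.compare_digest(key.encode(), submitted_key.encode()):
        return False
    # ... create the account from form_data here ...
    return True

def run_scenarios():
    """Constructed scenarios: honest client, replayed key, ignored AJAX failure."""
    results = {}
    s = {}
    start_form(s, "x7Kp2")
    key = check_captcha(s, "x7Kp2")
    results["honest"] = submit_signup(s, key, {"user": "alice"})
    results["replay"] = submit_signup(s, key, {"user": "alice2"})
    s = {}
    start_form(s, "x7Kp2")
    check_captcha(s, "wrong")  # client ignores the failed response and submits
    results["ignored_failure"] = submit_signup(s, "guessed", {"user": "bot"})
    return results
```
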


Yes, it can be done using PHP and AJAX, but you need to clear the cache every time a captcha is loaded by that reload button. Here is a perfect example for you: http://www.thetutlage.com/demo/captcha/

EDIT | I also found the article link http://www.thetutlage.com/post=TUT120


Even if you use AJAX, it's still server-side, since you make a call to the server to validate it.


