Drupal Caching Incompatible with CAPTCHA

November 1, 2010 in
Web Development: Drupal
category.
Drupal cacheAttention, Drupal users! You may be unaware of this, but there it is: CAPTCHA module, referred to in CAPTCHA for Drupal: anti-spam protection and usability, is incompatible with Drupal built-in caching mechanism! All related and dependent on CAPTCHA modules affected by this issue aswell.

This seems logical, because each site visitor requires unique CAPTCHA challenge, which can be served only if this page isn't cached ( because if it is — all users will receive same CAPTCHA test and thus CAPTCHA will not work as expected ). Yet it was pretty hard to find this information on CAPTCHA module help page, and there was no warnings given by module itself inside of Drupal for quite a large ammount of time ( now developers have placed warning message about this on the Performance settings page in Drupal ).

­ — All right, CAPTCHA is incompatible, yep... So what?

Actually it can be pretty nasty "feature" of CAPTCHA. Think about it. The most common place to find CAPTCHA is a comment form, which for reason of usability generally placed on the same page as node itself ( meaning below the node content ). Thus all node pages will be non-cacheable for anonymous users. That's it — in such cases the main reason of using caching for fast serving of cached pages to anonymous users is completely lost, because pages with CAPTCHA can't cached by Drupal. It's obvious that almost any website has node pages visited most, so something like 90 % of anonymous visits will land on non-cached node pages. It will affect loading times, and that can hurt your search ranking, because Google, for example, from Spring, 2010 takes into accout website loading speed for ranking. In addition sometimes CAPTCHA can be seen added to Login form, and if that form placed inside of block on sidebar — every page that has this block will be non-cacheable, and that is absolutely unacceptable.

So, concerned Drupal webmaster has three options:
  • Accept this issue as it is and leave CAPTCHA challenge in comment form on same page as the node content. If your hoster has pretty fast server and additional performance available, while site has relatively low ammount of visitors — this may not be so deadly.  But, caching in some cases allows to serve pages in 300-400 milliseconds instead of 1-3 seconds for serving uncached pages "on fly", so by reason of performance and site speed is better to find another way.
  • Place comment form on different page ( Drupal allows that ). In this case to leave a comment visitors must hit "Add comment" link, wait for loading of a new page and write their comment there. This is not very user-friendly, and you will lost some possible commenters ( because not anyone will look for Add a comment link ). 
  • Use non-CAPTCHA, alternative spam protection.
By combining two alternative to CAPTCHA third-party modules it's possible to create pretty strong defense against spam, while keeping all caching possibilities and some other benefits — read next about this in Alternative CAPTCHA for Drupal.
Average: 5.8 (9 votes)
About the Author: Sergey “Treidge” Danchenko

AvatarSergey "Treidge" Danchenko is a founder and the author of 3DG.Me blog, 3D Artist and game developer, Drupal web-developer and one-man-band with experience in some other areas. Personal credo — "If you want a thing done well, do it yourself". In times of great inspiration writes poetry and plays volleyball. Primary professional tools — Autodesk Maya & Mudbox, Adobe Photoshop. Wild about turkeys and parrots, loves music and videogames.  Thanks for reading and come again!

Copyright © 2010-2013 Sergey "Treidge" Danchenko. Feel free to Contact me with any questions. Theme based on a BlogBuzz design by Antsin.com