Creating unique transient name per browser session

@alessandro12 : I still have a question…

name transient = prefix + random value . Everytime

You can pass the random value (input hidden) and the captcha value to the browser. Better to use the ajax method.
When it comes back you get Captcha entered by the user and the name transient and you can do the verification.

If you generate a random value (by using for example the random_int() function), how to make this value the same for transient name and for the hidden input? Because it’s a different value every time I call this function. How did you do this?

Guido

May have found it… I can set a cookie together with the transient. After form is submitted I get the value of the cookie and with that I can get the correct transient!

Guido

No, this way the random value of cookie and transient name changes everytime upon pageload.. I can’t get my head around it.

Guido

When you generate the random value, assign it to a variable and use the variable to create both the transient and form field.

Hi BC!

Will look into this ??

But meanwhile I may have found a solution:

// create cookie
function my_cookie() {
	$transient_id = random_int(1000, 9999);
	$transient_name = 'my_transient_'.$transient_id;
	if(!isset($_COOKIE['my_cookie'])) {
		setcookie( 'my_cookie', $transient_name, 0, COOKIEPATH, COOKIE_DOMAIN );
		$_COOKIE['my_cookie'] = $transient_name; // to avoid undefined warning upon first pageload
	}
}
add_action( 'init', 'my_cookie' );

// create transient
function my_transient() {
	$rand_one = random_int(1, 9);
	$rand_two = random_int(1, 9);
	$transient_name = $_COOKIE['my_cookie'];
	if( get_transient($transient_name) === false ) {
		set_transient($transient_name, array('rand_one' => $rand_one, 'rand_two' => $rand_two), DAY_IN_SECONDS);
	}
}
add_action( 'init', 'my_transient' );

(for this example I omitted encryption)
I set a cookie that holds the random transient name.
I create a transient that holds the random captcha values.
Now I can get the correct transient and do validation.
After validation transient will be deleted.
New transient is created when contact page is visited again.
Cookie expires when browser is closed.

How about that?

Guido

Hi,
Sorry for the late reply but about 15 days ago I was sick (covid-19) . Now it has passed but still not good. I can’t concentrate well.
Sorry, please be patient and we can talk later.

Thank you for the query of database.

Best regards.

No problem, get well soon!

It seems I finally have found a proper solution.

Guido

Hi @alessandro12

name transient = prefix + random value . Everytime

Have been using this for over a month now, but unfortunately this results into MANY transients in my database. Everytime page is visited (by human or bot) a new transient is added to database. They will be removed when expirering or when form is submitted, but still lots of them in database. So new transient per session is not the best way to do it I guess. Just wanted to let you know ??

Guido

My new approach:

1. Form: besides an input field for a sum result, a hidden input with as value the sum result
2. Upon submit get value of this hidden input with $_post
3. Create transient with random name, and use value from hidden input as value in this transient
4. Validation: compare sum result (that user has filled in) with value from transient
5. After validation (successful or not) get transient name and delete transient

Now database is not floaded with temporary transients anymore.

Guido

Hi Guido,
Merry Christmas and happy new year!

It seems to me that yours is a very good method!
No changes are needed to wp-cron.php or tricks and artificies that insert routines in the background to delete expired transients. ( I use transients that are 15 minutes old ).
Thank you, goodbye.

My approach as described in my previous reply turns out to be not very safe, because you should never send the result as hidden field, because this can be caught and reused. This is more safe:

• Create transient on pageload and only if this transient is not present yet. Use IP to create unique transient name. This transient contains values for sum captcha. Set expire on 1 hour.
• Form uses the values of this transient to display sum captcha.
• Upon submit the result that user has filled in is compared with transient.
• If they match, submission is successful and transient is deleted.