Ok, here is an issue: in the project I'm working on, we can't rely on server-side sessions for any functionality.
The problem is that common captcha solutions fro
The need for a session or database comes from the need to coordinate the GET for the image with the HTML page containing it, so how about using the same code to embed a captcha image: [img src='data:image/jpeg;base64,...'], using a random salt to hash its text, then sending the random salt and hash together with the image to the client in a single GET?
On postback you append the user text to the salt then compare the hashes. Just wondering how safe this would be...
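
An added example, not part of the original post: with a plain salted hash, the salt and the hash both sit on the client, so guesses at the short captcha text can be checked without ever contacting the server. The sketch below keeps the same single-GET, no-session flow but swaps the hash for an HMAC under a server-only key and binds an expiry time into it. Assumptions: the names `SERVER_KEY`, `TTL_SECONDS`, `issue_challenge` and `verify_response`, the 120-second lifetime, and case-insensitive matching are all hypothetical choices.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a secret known only to the server (loaded from config in practice).
SERVER_KEY = secrets.token_bytes(32)
TTL_SECONDS = 120  # assumed lifetime of one challenge


def _tag(key, salt, expires, text):
    # Length-prefix each part so field boundaries cannot be shifted.
    parts = [salt, str(expires), text.strip().lower()]
    msg = "".join(f"{len(p)}:{p}" for p in parts).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_challenge(text, key=SERVER_KEY, now=None):
    """Build the hidden form fields sent in the same response as the image."""
    now = int(time.time()) if now is None else int(now)
    salt = secrets.token_hex(16)
    expires = now + TTL_SECONDS
    return {"salt": salt, "expires": str(expires),
            "tag": _tag(key, salt, expires, text)}


def verify_response(fields, user_text, key=SERVER_KEY, now=None):
    """Validate the postback; every field here is client-controlled."""
    now = int(time.time()) if now is None else int(now)
    try:
        salt, tag = fields["salt"], fields["tag"]
        expires = int(fields["expires"])
    except (KeyError, ValueError, TypeError):
        return False
    if not (isinstance(salt, str) and isinstance(tag, str)
            and isinstance(user_text, str)):
        return False
    if now > expires:
        return False  # expired challenge
    expected = _tag(key, salt, expires, user_text)
    # Constant-time comparison on bytes (non-ASCII input is handled safely).
    return hmac.compare_digest(expected.encode(), tag.encode("utf-8"))
```

Without any server-side state, a correctly solved challenge can still be resubmitted until it expires; the expiry only bounds that window.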