问题
I was trying to sign-up Twitter today and I noticed that their registration form does not have a captcha. The form URL is https://twitter.com/signup. I also noticed that they used an input like below.
<input name="authenticity_token" type="hidden" value="ce803cee65a96aaa97bdf75da166599c3adc9ec8" />
what kind of method is this?
Do they create a temp value in their database when a user access the registration form? and check it when a user submit the form?
回答1:
authenticity_token is a feature of Ruby-on-Rails, in which Twitter is written.
See this question.
回答2:
I can't say for certain, but I do know that some people have used Javascript to do stuff dynamically, ie, set a hidden input to some random but expected value. This works off the assumption that most automated clients won't be parsing Javascript.
来源:https://stackoverflow.com/questions/2797513/user-registeration-form-without-captcha