reCaptcha Not Saved When Form Submitted with Field Inadvertenly Left Blank

Hi there,

We are using reCaptcha V2 with our forms. When a visitor submits our contact form with the reCaptcha field checkbox confirmed (checkmark present) and with a field inadvertenly left blank, the reCaptcha field checkbox resets itself (i.e., checkmark disappears).

Details: Screenshot by Lightshot

Is this a bug – or – can you guys revise your code such that the reCaptcha checkbox is properly saved when a form field is inadvertenly left blank?

To see the above in action, please visit this page: Contact | Omnia Aerospace

Note: We do not have this issue with our Subscription form (a MailPoet form).

To see the above in action, please visit this page: Subscribe | Omnia Aerospace

Thank you!

This is working as designed. Google does not permit the reCAPTCHA response to be used multiple times.

Hi Richard,

Not entirely true.

Technically, the Google reCAPTCHA user response token is valid for two minutes, so the checkmark should remain in place for that amount of time as long as the user fills the empty fields and resubmits the form within that time period. If the form is not resubmitted within two minute, then the Google reCaptcha displays a “time-out” message.

Our Subscription (Mailpoet) form meets this criteria.

Before (within two-minute timeframe): Screenshot by Lightshot
After (after two-minute idle time): Screenshot by Lightshot

So, if you don’t mind, it would be great if you can pass this along to your developers for review and resolution.

Thank you!

Here’s another finding (bug): Screenshot by Lightshot

You should be able to replicate all of the above quite easily.

Thank you!

Hey Richard,

Can you take a look at our findings (i.e., bugs we found)?

You should be able to replicate them – and hopefully – provide a fix.

Thank you!

Hi Jonathan. The reCAPTCHA token is valid for two minutes but may only be validated once. This is from the docs you linked to:

“Each reCAPTCHA user response token is valid for two minutes, and can only be verified once to prevent replay attacks. If you need a new token, you can re-run the reCAPTCHA verification.”

I’ve discussed this with the product team, and they do not have any plans to change how this works. If you would like to suggest a change, you can submit a feature request here, which will be sent directly to the product team:

Thank you.

Hi Chris,

That’s my point. Once the user checks the checkbox (but inadvertenly omits one field in the form), the checkmark should not disappear as long as the form is filled out completely within two minutes.

Here’s how Gravity Forms (with Google reCaptcha) should work:

  1. Visit this page: Subscribe | Omnia Aerospace
  2. Complete all fields (including the reCaptcha field), except the email field.
  3. Click on “Sign Up” several times and you’ll notice the checkmark in the reCaptcha field does not disappear as long as you’re within the two-minute period. If you wait two minutes or more to click the “Sign Up” button, you’ll get a reCaptcha time-out message.

In my opinion, Gravity Forms should behave the same way.

Thank you.