flask-session-captcha
Advanced tools
A captcha implemention for flask using flask-session and captcha packages. Each captcha challenge answer is saved in the server side session of the challenged client. Support for different types of captchas such as numeric/letter/symbol captchas.
flask-sessionstore to flask-session. Added functionality for alphabetic and punctuation characters to be included in the captcha (thanks @alisharify7). Support moved to python 3.8, 3.9, 3.10, 3.11.import uuid
import logging
from flask import Flask, request, render_template
from flask_session import Session
from flask_session_captcha import FlaskSessionCaptcha
app = Flask(__name__)
app.config["SECRET_KEY"] = uuid.uuid4().hex
# captcha configs:
app.config['CAPTCHA_ENABLE'] = True
app.config['CAPTCHA_LENGTH'] = 5
app.config['CAPTCHA_WIDTH'] = 200
app.config['CAPTCHA_HEIGHT'] = 160
# app.config['CAPTCHA_LOG'] = False # log information to terminal
# app.config['CAPTCHA_INCLUDE_ALPHABET'] = False
# app.config['CAPTCHA_INCLUDE_NUMERIC'] = True
# app.config['CAPTCHA_INCLUDE_PUNCTUATION'] = False
# app.config['CAPTCHA_SESSION_KEY'] = 'captcha_image' # In case you want to use another key in your session to store the captcha
# session config
app.config['SESSION_TYPE'] = 'redis' # or other type of drivers for session, see https://flask-session.readthedocs.io/en/latest/
Session(app)
captcha = FlaskSessionCaptcha(app)
@app.route('/', methods=['POST','GET'])
def some_route():
if request.method == "POST":
if captcha.validate():
return "captcha validated successfully"
else:
return "invalid captcha/answer"
return render_template("form.html")
if __name__ == "__main__":
app.run(debug=True)
Template can look as follows. captcha.validate() will be default try to validate against a form input with name "captcha".
<form method="POST">
{{ captcha() }} <!-- This renders an <img> tag with the captcha img. -->
<input type="text" name="captcha">
<input type="submit">
</form>
It can also take a css_class argument to add classes to the generated DOM:
<form method="POST">
{{ captcha(css_class="captcha") }}
<input type="text" name="captcha">
<input type="submit">
</form>
You can also override settings for the captcha contents itself, via include_alphabet, include_numeric and include_punctuation.
Like so:
<form method="POST">
{{ captcha(include_alphabet=True) }}
<input type="text" name="captcha">
<input type="submit">
</form>
FAQs
Captcha implementation for flask and flask-session.
We found that flask-session-captcha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Industry Insights
Terry O’Daniel, Head of Security at Amplitude, shares insights on building high-impact security teams, aligning with engineering, and why AI gives defenders a fighting chance.
Security News
MCP spec updated with structured tool output, stronger OAuth 2.1 security, resource indicators, and protocol cleanups for safer, more reliable AI workflows.
Security News
More than half of CISOs now manage 10+ security areas, often with few legal safeguards and short tenures, yet continue to secure budgets and higher pay.