Why are there temporary PHP files in captcha/cache directory

Question:
Why are there temporary PHP files in captcha/cache directory?
I use WP File Monitor and this plugin is constantly reporting that there are several PHP files being added to or removed from the captcha/cache directory (see example below).

This is a short example of what WP File Monitor is reporting:
Fast Secure Contact Form
wp-content/plugins/si-contact-form/captcha/cache/tH62zln16meClOEM.php

SI CAPTCHA Anti-Spam
wp-content/plugins/si-captcha-for-wordpress/captcha/cache/fqbTWJq30IhAgoBi.php

I just want to make sure that this has something to do with the new way the plugin is storing the CAPTCHA codes, and not some sort of hack. If so, I may decide to exclude the captcha/cache directory from WP File Monitor because it is sending me frequent reports about the changes.

Answer:
The files are normal because of a new feature where PHP Sessions are no longer required for the CAPTCHA. The new method uses temporary PHP files in a /captcha/cache/ folder to store the CAPTCHA codes until validation.

PHP sessions can still be reactivated by checking the setting: “Use PHP sessions”. Then the temporary files will no longer be created. But the reason I have to make the optional temporary files method is because some servers have broken PHP session handling, or some other plugins that break the sessions. So this new feature makes my plugin work for many more people out of the box.

PHP session disabled (uses temporary PHP files, no cookies)
PHP sessions enabled (uses PHP session cookies only)

Do you need help?

Send us a Donation:

Donate to Mike Challis

Comments are closed.