The official document says that the "invalid-request-cookie" means:
The challenge parameter of the verify script was incorrect.In fact, there are four parameters in reCaptcha, they are:
- privatekey (required): Your private key.
- remoteip (required): The IP address of the user who solved the CAPTCHA.
- challenge (required): The value of "recaptcha_challenge_field" sent via the form.
- response (required): The value of "recaptcha_response_field" sent via the form.
How to Get reCaptcha Public and Private Keys for Your Website
If you are pretty sure that the private key, remote ip and the positions of parameters are correct. It could be the 3rd, 4th or both parameters caused the problem.
Before we debug it, you should know the values of the parameters are represented by $_POST['recaptcha_challenge_field'] and $_POST['recaptcha_response_field'], thus, if there's any kind of digestion on $_POST, it may change the values.
Chances are $_POST may accidentally be trimmed / appended, encrypted / decrypted or encoded / decoded in the midway of web pages processing, so the values could have been altered before sending them to reCaptcha servers of Google.
The solution to this problem could be a complicated process. For resolving the problem, you should check any altering operation on $_POST in your codes and make sure both of them are intact as origins. In my case, I unintentionally encrypted all $_POST before sending them out and got this error.