Skip to content

ReCaptcha "invalid-request-cookie"


My browser showed an error which sourced from ReCaptcha:


The official document says that the "invalid-request-cookie" means:
The challenge parameter of the verify script was incorrect.
In fact, there are four parameters in reCaptcha, they are:
  • privatekey (required): Your private key.
  • remoteip (required): The IP address of the user who solved the CAPTCHA.
  • challenge (required): The value of "recaptcha_challenge_field" sent via the form.
  • response (required): The value of "recaptcha_response_field" sent via the form.

Therefore, this error could come from any one of the fours. The private key can not be arbitrary, you have to get it from the official site. For further guidance, you can refer to my post: How to Get reCaptcha Public and Private Keys for Your Website.

If you are pretty sure that the private key, remote ip and the positions of parameters are correct. It could be the 3rd, 4th or both parameters caused the problem.

Before we debug it, you should know the values of the parameters are represented by $_POST['recaptcha_challenge_field'] and $_POST['recaptcha_response_field'], thus, if there's any kind of digestion on $_POST, it may change the values.

Chances are $_POST may accidentally be trimmed / appended, encrypted / decrypted  or encoded / decoded in the midway of web pages processing, so the values could have been altered before sending them to reCaptcha servers of Google.

The solution to this problem could be a complicated process. For resolving the problem, you should check any altering operation on $_POST in your codes and make sure both of them are intact as origins. In my case, I unintentionally encrypted all $_POST before sending them out and got this error.

Leave a Reply

Your email address will not be published. Required fields are marked *