In a previous post I gave a recipe for creating and verifying CAPTCHA images. In practice that method could be vulnerable to a replay attack. That is, once a valid cookie and image text value were obtained, they could be reused again. This post describes a way to add a timeout, so that the valid value can be made to expire after a short period of time.
