I saw a project request to implement sessionless captcha verification. In blink of a second I thought, sounds like a dumb request, if there is no session, then the data has to be carried along with the html form that gets posted and if so, a clever program can pick up the value and submit it. Then, in the second blink, I formulated that this can be done using a two-way encryption. Essentially, generate a random word(s) on the server side, two-way encrypt it and then put the encrypted string in the form as a hidden variable. In addition, provide the encrypted string in the image url that gets generated dynamically. The image request can decode the string and then render the captcha image. When the user submits the value, the form contains the user’s value and the encrypted value which can be confirmed on the server.