Stopping spam registration on acts_as_authenticated

What I’ve done in the past and seems to work, is generate a unique id on the serverside (hashing for example), then putting that in a session variable and injecting it through a javascript function in a field. This won’t work on browsers with JS turned off, but it’s pretty good protection and the user doesn’t need to know about it (i.e. your actually filling in the captcha yourself through JavaScript).

Pseudo code:

Controller show_registration_page:

@unique_id = hash_value(

session[:form_validator] = @unique_id


— your other form fields here —

Controller save_registration:

if params[:validator_field] == session[:form_validator]





Pretty easy to implement and no complaints about spamming.

Best regards

Peter De Berdt