Situation, a user MAY upload a file and MAY trigger the spam filter. If it does trigger the spam filter i save all the post data and show a captcha. If the 'bot' doesnt succeed by the time the session times out the HttpPostedFile data (which includes uploaded file) should discard.
I am assuming i dont want to put the uploaded data into session (it is likely to be a few Kb but may be 20mb+). So how i store/discard this data efficiently and properly