user registeration form without captcha?

Question

Hi,

I was trying to sign-up Twitter today and I noticed that their registration form does not have a captcha. The form URL is https://twitter.com/signup. I also noticed that they used an input like below.

<input name="authenticity_token" type="hidden" value="ce803cee65a96aaa97bdf75da166599c3adc9ec8" />

what kind of method is this?

Do they create a temp value in their database when a user access the registration form? and check it when a user submit the form?

Answer 1

I can't say for certain, but I do know that some people have used Javascript to do stuff dynamically, ie, set a hidden input to some random but expected value. This works off the assumption that most automated clients won't be parsing Javascript.

Answer 2

authenticity_token is a feature of Ruby-on-Rails, in which Twitter is written.
See this question.