Idea to stop spam bots

[djr33]

No, that's simply untrue. They're completely unrelated. You can use cookies from PHP or, I think, send them in HTTP headers directly. ReCAPTCHA does something different, true. It uses Javascript. I believe it still uses sessions or something like sessions, though. I can't remember the details.

There are OCR programs to read text from an image. I don't know how many bots actually try that, but, yes, that's why the letters are obfuscated.

Well, it's still a lot more work than just creating a text-only bot that reads HTML pages.

[traq]

Cookies rely on javascript.
If you don't have javascript on, cookies won't work.

cookies work over HTTP. JavaScript can create them, but is not required for them to function.

...You can use cookies from PHP or, I think, send them in HTTP headers directly.

PHP simply sets the proper HTTP headers. (i.e., You could do the same thing using header().)

I thought there are bots out there that actually analyse the image and try to work out what it says?
That's why all the letters on them are slanted and so on.

true. not with javascript, however (that'd be pretty inefficient and not very effective). AFAIK, python and java are common bot languages (for more advanced bots; there are tons of php bots running around that may or may not actually qualify as "bots").

[djr33]

PHP simply sets the proper HTTP headers. (i.e., You could do the same thing using header().)

Right. I meant that you don't even need PHP. You could do something with .htaccess or just in the server settings for what to do with HTTP requests. (And of course any other serverside language.)