I have an upload form with reCaptcha v3 in PHP with DropzoneJS. I am uploading 10 files with 10 different Post requests. When a User uploads 10 files, the client gets 10 different Captcha Tokens in a few milliseconds. The Server then timeouts because he has to check 10 different Tokens within some very short time.
Would it still be safe if the user would get the reCaptcha Token only on the first post request? The Captcha State would be saved in the user Session and if it's valid, the client would not have to get 9 more Captcha tokens.
Like: (logic code)
if Captcha is valid: $SESSION['captcha'] = 'valid';
if files_ammount > 10 = getNewCaptchaToken();
