Comment 2 for bug 610178

The CAPTCHA code uses the built-in PHP session management facility (start_session(), and so on). No explicit cookie parameters are set. The documentation for cookie lifetime suggests the default is 0, or no expiry date which means the cookie is not persistent and is cleared when the browser closes: http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime

To reproduce this issue, I browsed to a Guest Browsing link. I used Firefox with the View Cookies extension. I observed the P cookie and once I browsed to the create account page with the CAPTCHA, I also observed the PHPSESSID cookie. The View Cookies extension reported both cookies as expires-in-session, i.e. not persistent. I restarted the browser and returned to the Guest Browsing link. On the Terms of Service landing page, I observed that there were no cookies for the domain.

It seems that the CAPTCHA cookie is not persistent and there's no bug here -- or not enough information to reproduce.