Yes, when you applied the server validation you compared the submitted form value to itself... which will always match.
You need to compare the value entered into the form element to the Session value stored by the CAPTCHA, which is what the updated code does.