Hidden fields do not affect the appearance of the page that is presented to the user . Instead, they store fixed names and values that are sent unchanged to the server, regardless of user input. Hidden fields are typically used for three purposes:
Tracking the user. As the user moves around within the site, user IDs in hidden fields can be used to track which pages the user has visited or to indicate the selections made by the user. In practice, servlet authors typically rely on the servlet session tracking API rather than attempting to implement session tracking at this low level. For details on session tracking, see Chapter 9.
Providing predefined input to a server-side program. When a variety of static HTML pages act as front ends to the same program on the server, predefined hidden fields can help provide information about the requesting source page. For example, an online store might pay commissions to people who refer customers to their site. In this scenario, the referring page could let visitors search the store's catalog by means of a form, but embed a hidden field giving its referral ID.
Storing contextual information in pages that are dynamically generated. For example, in a table listing the items in a shopping cart, you can place a hidden field in each row to identify the particular item ID. In this manner, the user can modify the number of items ordered and, when submitted to the server-side program, the hidden field will identify the item being modified. The user never needs to see the item ID on the HTML page.
Note that the term "hidden" does not mean that the field cannot be discovered by the user, since it is clearly visible in the HTML source. Because there is no reliable way to "hide" the HTML that generates a page, authors are cautioned not to use hidden fields to embed passwords or other sensitive information.
HTML Element: <INPUT TYPE="HIDDEN" NAME ="..." VALUE="..."> (No End Tag)
Attributes: NAME (required), VALUE
This element stores a name and a value, but no graphical element is created in the browser. The name/value pair is added to the form data when the form is submitted. For instance, with the following example, itemID=brown001 will always get sent with the form data.
<INPUT TYPE="HIDDEN" NAME="itemID" VALUE="brown001">