Why did you not use the tag library implementation to render your hidden input tag when you used it for the html:form tag and all the other inputs? This might something to do with it. What property will the value be bound to on the backing bean? Is the hidden input field even getting rendered when you examined your HTML output source?
It is just a simple example thru which i wanted to convey the idea.Actual implementation is somwhat like this only where in i have to block a hidden parameter and sanitize it from xss issues.This can be done thru filters.But i am not getting what is going wrong in the code.