Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.On this page
Server side validation
This documentation needs work. See "Help improve this page" in the sidebar.
Overview
As an advanced optional feature, Honeypot allows adding server-side validation by using unique token per form submission. This implementation is based on the Drupal 7 Hidden Captcha module.
Caching can be a problem if the field value gets cached and used by multiple users, so the page caching should be disabled if server-side validation is enabled.
Configuration
To enable this feature, follow these steps:
- Login as an administrative user on your Drupal site.
- Navigate as follows: Configuration > Content authoring > Honeypot configuration.
- Click on the checkbox corresponding to `Advanced validation`.
- Save the settings.
- Clear your site cache.
This will enable the new validation, and add another field to the form which will contain the new token.
Considerations
This field is based on session data, so there might be issues with anonymous users using forms in Incognito mode.
The honeypot_add_form_protection() function now has a new parameter which is the Form ID. If you have a custom integration of this function, please make sure to send the new parameter to it.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
