diff --git a/.planning/STATE.md b/.planning/STATE.md
index 014abee..21aa9f3 100644
--- a/.planning/STATE.md
+++ b/.planning/STATE.md
@@ -10,18 +10,18 @@ See: .planning/PROJECT.md (updated 2026-01-16)
 ## Current Position
 
 Phase: 8 of 9 (Bug Fixes & Legacy Parity)
-Plan: Not started
-Status: Ready to plan
-Last activity: 2026-02-06 — Added gap closure phases from milestone audit
+Plan: 1 of 2 complete
+Status: In progress
+Last activity: 2026-02-06 — Completed 08-01-PLAN.md (session bug fix)
 
-Progress: ███████░░░ 78% (7/9 phases)
+Progress: ████████░░ 84% (8/9.5 plans)
 
 ## Performance Metrics
 
 **Velocity:**
-- Total plans completed: 7
-- Average duration: ~45 min per phase
-- Total execution time: ~5.5 hours
+- Total plans completed: 8
+- Average duration: ~30 min per plan
+- Total execution time: ~4 hours
 
 **By Phase:**
 
@@ -34,7 +34,7 @@ Progress: ███████░░░ 78% (7/9 phases)
 | 5 | 1 | Real-time calculations with German decimal support |
 | 6 | 1 | Form handler, email generator, wp_mail() integration |
 | 7 | 1 | Captcha verification and inline validation |
-| 8 | — | Bug fixes & legacy parity (gap closure) |
+| 8 | 1/2 | Bug fixes & legacy parity (gap closure) |
 | 9 | — | Internationalization (gap closure) |
 
 **Overall Trend:**
@@ -55,6 +55,9 @@ Recent decisions affecting current work:
 | 1 | Capability: edit_posts | Allow editors and admins (not just admins) |
 | 1 | Menu position 25 | Below Comments, logical grouping |
 | Audit | Fix all 4 gaps for v1.0 | Full legacy parity before shipping |
+| 8-01 | Use uniqid('', true) with more_entropy | Extra entropy prevents collisions under high traffic |
+| 8-01 | Pass form_id via hidden field + GET param | WordPress-native, no sessions needed |
+| 8-01 | Delete transient after display | Prevents stale errors on refresh |
 
 ### Deferred Issues
 
@@ -68,7 +71,7 @@ None.
 
 ## Session Continuity
 
-Last session: 2026-02-06
-Stopped at: Created gap closure phases 8-9
+Last session: 2026-02-06T13:55:34Z
+Stopped at: Completed 08-01-PLAN.md
 Resume file: None
-Next up: Plan phase 8 (Bug Fixes & Legacy Parity)
+Next up: Plan 08-02 (Additional work sections and Sonstiges integration)
diff --git a/.planning/phases/08-bugfixes-legacy-parity/08-01-SUMMARY.md b/.planning/phases/08-bugfixes-legacy-parity/08-01-SUMMARY.md
new file mode 100644
index 0000000..7eff68d
--- /dev/null
+++ b/.planning/phases/08-bugfixes-legacy-parity/08-01-SUMMARY.md
@@ -0,0 +1,107 @@
+---
+phase: 08-bugfixes-legacy-parity
+plan: 01
+subsystem: form-validation
+tags: [wordpress, transients, form-handling, error-display]
+
+# Dependency graph
+requires:
+  - phase: 07-captcha-validation
+    provides: Captcha verification and validation error handling
+provides:
+  - Per-submission unique form IDs preventing error cross-contamination
+  - Consistent error format for both captcha and validation errors
+  - WordPress-native transient keys using hidden field pattern
+affects: [08-02, any future form validation work]
+
+# Tech tracking
+tech-stack:
+  added: []
+  patterns:
+    - "Hidden form ID with uniqid() for per-submission transient keys"
+    - "Consistent error format: array('messages' => [...], 'fields' => [...])"
+    - "GET parameter for form_id to retrieve errors after redirect"
+
+key-files:
+  created: []
+  modified:
+    - includes/class-form-renderer.php
+    - includes/class-form-handler.php
+
+key-decisions:
+  - "Use uniqid('', true) with more_entropy for collision resistance under load"
+  - "Pass form_id via hidden field and GET parameter (no sessions, no cookies)"
+  - "Delete transient immediately after display to prevent stale errors"
+
+patterns-established:
+  - "Form error handling: Hidden field → POST → Transient → Redirect with GET param → Display → Delete"
+  - "Validation error wrapping: Always use 'messages' and 'fields' keys for consistency"
+
+# Metrics
+duration: 1min
+completed: 2026-02-06
+---
+
+# Phase 8 Plan 1: Session Bug Fix Summary
+
+**Replaced unreliable session_id() with unique form_id using uniqid() and hidden fields, fixing production-blocking error cross-contamination between users**
+
+## Performance
+
+- **Duration:** 1 min
+- **Started:** 2026-02-06T13:54:24Z
+- **Completed:** 2026-02-06T13:55:34Z
+- **Tasks:** 1
+- **Files modified:** 2
+
+## Accomplishments
+- Eliminated session_id() bug causing all users to share 'umzugsliste_errors_default' transient key
+- Implemented WordPress-native hidden field pattern for per-submission unique IDs
+- Fixed validation error format inconsistency (flat array vs array with 'messages' key)
+- Both captcha and validation errors now use consistent structure
+
+## Task Commits
+
+Each task was committed atomically:
+
+1. **Task 1: Replace session_id() with hidden form ID in renderer and handler** - `28fcfcc` (fix)
+
+**Plan metadata:** (will be committed separately with STATE.md)
+
+## Files Created/Modified
+- `includes/class-form-renderer.php` - Generate unique form_id with uniqid(), retrieve errors via GET parameter, add hidden field
+- `includes/class-form-handler.php` - Extract form_id from POST, use for transient keys, redirect with form_id query param, wrap validation errors in proper format
+
+## Decisions Made
+- **Use uniqid('', true) with more_entropy parameter:** Extra entropy prevents collisions under high traffic
+- **Pass form_id via hidden field and GET parameter:** WordPress-native approach that works on all hosting (no session_start() required)
+- **Delete transient immediately after display:** Prevents stale errors from persisting on page refresh
+- **Wrap validation errors in array with 'messages' key:** Matches captcha error format expected by render_validation_errors()
+
+## Deviations from Plan
+
+None - plan executed exactly as written.
+
+## Issues Encountered
+
+None - straightforward implementation following research patterns.
+
+## User Setup Required
+
+None - no external service configuration required.
+
+## Next Phase Readiness
+
+Error handling foundation is solid. Ready to:
+- Integrate additional work sections (Plan 08-02)
+- Add Sonstiges free text field (Plan 08-02)
+- No blockers or concerns
+
+Technical notes for future work:
+- The form_id pattern can be reused for any per-submission tracking needs
+- Transient expiration (300s) is appropriate for form errors but can be adjusted if needed
+- The error format ('messages' + 'fields' arrays) supports field-specific error highlighting if implemented later
+
+---
+*Phase: 08-bugfixes-legacy-parity*
+*Completed: 2026-02-06*