Session_start and Google

All my pages of a particular website start with session_start(). I then check $_session['some_var'] to see whether a user is logged in.

If $_session['some_var'] is not set, should I call session_destroy(), so that search engines aren't served pages with PHPSESSID's?

Thx!

 

you can check user-agent

if ($agent == "googlebot") {
displaycodestogooglebot ;
} esle {
session_start () ;
other_codes ;

}

 

if (!preg_match('/googlebot/i', $_SERVER['HTTP_USER_AGENT']))
{
     session_start();
}

PHP:

 

Just a warning, most SE's consider this cloaking.

Use at your own risk.

Ari

 

You should never have to worry about this unless you append session IDs to URLs, which is a bad idea for several reasons.

 

How do you maintain sessions for users who don't accept cookies then?

 

Completely not true.

 

First, upload the spiders.txt file attached to this post.

Next, create a function like this:

	function isSpider(){
		$user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
		if (!empty($user_agent)) {
		  $spiders = file('/patch/to/spiders.txt');
		  for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
				if (!empty($spiders[$i])) {
					if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
						return true;
						break;
			  	}
				}
		  } 
		} 
		return false;	
	} # end function

PHP:

Then, in a global file use code like this:

	if ( isSpider() === false ){
	/* 
	 * Start the session
	 */
		session_start(); 
		define('SESSION_STARTED', true);

	} else {
	/*
	 * Spider, don't start the session
	 */
		define('SID', NULL);
		define('SESSION_STARTED', false);
	}

PHP:

Once that is implemented you should be able to detect and make actionable a spiders user agent. The next step would be to encapsulate the href link output with a function that will use the defined constants to suppress session ID concantenation.

Bobby

 

@Chemo: Wow, thanks!

Why don't I just do a session_destroy() when the login session cookie is not set on pages other than the login&account page itself?

I use session_start() on other pages too (like the blog, the screenshots, ...) to display a link back to the account... Will a sequence of session_start() / check whether user is logged in / session_destroy() not prevent the PHPSESSID to be appended to links on a page?

 

hey, if you don't explicitly append the session id to your urls, your urls should not have the session ids appended. i've encountered this before - the problem is not your code. it's your host setup.

contact your host and tell them to restart php with sessions enabled. that should solve your problem.