Session IDs vs. Cookies: The Great Standoff

Ever heard of session IDs? They seem to be an ingenious way to track user behavior on your web site. Every single user who visits your site gets a unique ID, which is added onto the end of a URL like this:

Cool. Now you can track the entire click path of every visitor to your site, just by following the ID tag. And even better- session IDS let you track every single visitor to your web site, unlike cookies which only work if a user has them enabled in their browser.

Sound too good to be true? IT IS.

Yes: succumb to the siren song of session IDS, and they’ll drag your web site down to the bottom of the SERPs.

Why? Let’s let Google answer this one:

“[Best practices are to] allow search bots to crawl your sites without session IDs or arguments that track their path through the site. These techniques are useful for tracking individual user behavior, but the access pattern of bots is entirely different. Using these techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs that look different but actually point to the same page.”

Google Webmaster Guidelines

“Minimize the number of redirects and URL parameters [Ed. Note: I’d keep it to 1-2 parameters if possible]. And don’t use &id= in the URL for anything other than a session ID. Since it generally is a session ID, we treat it as such and usually don’t include those URLs in the index.”

Vanessa Fox (Product Manager for Google’s Webmaster Tools and Webmaster Central)

Search engines have difficulty deciphering sites that provide a different version of every URL every time they pay you a visit. And if your URLs actually do make it into the index, then you’ll be faced not only with duplicate content issues, but the very fact that you now have URLs with session IDs indexed. That lets people enter your site through old session IDs: so much for data integrity.

Okay, you’re probably wondering, so now what do I do now that you’ve shattered my dreams about session IDs?

Use cookies. Yes, it’s true that about 10% of users do not have cookies enabled, but 90% of them still do. And personally, we’d rather have you be able to track 90% of regular visitors (and you’ll get a lot of ’em if you use SEO best practices) than 100% of no visitors. Because no visitors is what you’ll likely get if you use Session IDs.