Is there a right and wrong way to create a guest session in PHP? I searched the forums, and found this, which is pretty similar to what I was thinking of doing:

if (!$_SESSION['username']) {
$_SESSION['username'] = "Guest";
}
My second question is, how do I allow robots to spider my pages without sessions?

I've searched all over the web for this and can't figure it out. For something that seems so common, it's amazing how little information is out there. Is this something that's so obvious that it isn't even worth explaining? (this is sort of a bump :P )

Well, since PHP doesn't have any native support for authentication (excluding HTTP), any session is a “guest session” in the eyes of PHP. So, just create a normal session, as if you were creating it for a user… if it happens to have a user associated with it, just add that… otherwise, don't.

I'm curious to know how spiders index sites that require membership as well.

edit:/ Idea. Create a special area designated in your robots.txt area for the robots to index, and if the referer is google or another search engine, have it redirect to a login page for the requested userid.

I don't know how well that would work out, and I'm certain its not very safe.

edit2:/ Perhaps if you use user agents? However previous knowledge tells me that a user agent can't easily be altered.

Good point nokrev. That's all I needed to hear on that issue. Thanks. :D

As for the search engines, I'm still a little bit unclear. Google's webmaster guidelines say this:


...make sure that your site allows search bots to crawl your site without session IDs or arguments that track their path through the site.


Do they just mean "don't include session IDs in the URL" or do they mean don't attach a session period? If it is the latter, how would I not attach a session to a Google bot?

I think also you shouldnt allow google to use spiders on pages that include variables such as www.domain.com/pag.php?user=guest&lang=en

Firstly, cool URIs don't change (http://www.w3.org/Provider/Style/URI). That includes not having ugly arguments in the query string; instead, you should be using .htaccess, or other tricks, to have clean URIs.

Secondly, Google won't accept the session (cookie) you give it, as far as I know. You should make it be able to browse any part of your site that is viewable to a human without registration (otherwise, people can browse your register-only site through Google Cache). If you give them a special section, then you're gonna have to forward all links to that page from Google, to the correct page, which is rather ugly. I mean to say that you should just make your normal non-register pages open to Google (e.g. don't have query strings), and then keep Google out of pages which require registering. Otherwise it wouldn't make any sense…