One of my sites is for old mobile phones that don't accept cookies so it uses a URL-based Session ID.

However, Google is indexing the Session ID, so when my site is searched on Google, all the results come up with a specific Session ID.

On most occasions, that Session ID is no longer valid by the time a guest clicks on it, but I've had at least one case where a guest clicked on a link from Google and it actually logged them into someone else's account, which is obviously a huge security flaw.

So how can I keep Google from indexing the Session ID in my URL's? In case it helps, the Session ID has always been set to "Representative URL" in Google's Webmaster Tools.

You can do this by placing a robots.txt file in your root web directory to tell Googlebot and all other crawlers not to crawl URLs with that attribute.

Here is an example:

Lets say the URL you want to block is in the form of:

http://www.mywebsite.com/page.html?id=1234

The robots.txt syntax to block URLs with the id attribute is:

User-agent: *
Disallow: /*id

You can find out more about robots.txt at http://www.robotstxt.org

Read more about this at http://www.seochat.com/c/a/Search-Engine-Optimization-Help/Preventing-Duplicate-Content-on-an-ECommerce-Site-from-Session-IDs/1/