Question to understand and to feel safe ... sorry for my english.
At a php based web shop we use session management with cookies or URL-parameters for tracking. SE bots get the page without session IDs. Human visitors will be redirected to the same page with a session ID in all links.
We identify bots by known ip adresses or by their access of robots.txt. Identified bots get an 200 and the page without session IDs.
Concern: If googlebot visits the page anonymously, he will get a redirect and a page with session IDs. Content of the two pages is the same but the html code is different because of session ID.
If so: how to handle it?
Should we put meta robots noindex nofollow at all pages with session IDs?