As SE's have neither username nor password, they'll never encounter content B.

True.(excepting a bug in your authentication process, but that's another story).

(The logged in session ID is handled with javascript, FYI).

I take the opportunity to remind that Googlebot executes Javascript. (but this is unrelated to your question about authentication)

Well, thank you, first of all. I know, Google has improved its skills on java.And I know, we shouldn't disallow javescripts. But, I was actually thinking about disallowing the specific login script. Would that be safe/beneficial?

Here's a slightly tangential answer: As a human user, it annoys me to no end when I find something in a search engine, go to the referenced site ... and run slap into a paywall or login prompt. If content isn't accessible to random users off the street, don't let search engines know it exists.

Yes, Google will sulk and pout when you disallow a script. Well, tough on them. (For example, they grumble that they're not allowed to crawl my analytics code, even though it's a very well-known program, called by its default name and stored in its default location, so they have no reason to think it's anything other than analytics.)

Here's a slightly tangential answer: As a human user, it annoys me to no end when I find something in a search engine, go to the referenced site ... and run slap into a paywall or login prompt. If content isn't accessible to random users off the street, don't let search engines know it exists.

On a page we find content A - if a user logs in, the content changes slightly to content B. Need I worry about duplicate content?

So I assume that the content is nearly the same, and doesn't necessarily require a login. May be the difference is just personalized for the user signing in.

>>Need I worry about duplicate content?

i think you are asking the wrong question, this has nothing to do with duplicate content. it is not a potential duplicate content issue.

do you actually mean: should you be worried that users see different content to googlebot?

@justpassing "So I assume that the content is nearly the same, and doesn't necessarily require a login. May be the difference is just personalized for the user signing in."
No, the content change requires a login. If no login, the content remains static.

@topr8 "think you are asking the wrong question, this has nothing to do with duplicate content. it is not a potential duplicate content issue. do you actually mean: should you be worried that users see different content to googlebot?"
No, I actually worry, if it safe to assume that SEs won't ever encounter content B, as SEs can't login?
When the user logs in, we do want the content to change.

The question is, how much does it change? topr8's point is that this is not a "duplicate content" issue--it's all happening at the same URL--but a "cloaking" issue, where humans are shown different content from what search engines see. But if the only humans who see different or additional content are logged-in humans, then it's not really cloaking, since you're primarily talking about humans who have never been there before* and therefore wouldn't be logging in anyway.


* Maybe. I've noticed a surprising number of repeat visitors who come back via a search engine, even if their previous visit was only an hour earlier, as if browser history is yet another thing that humans have forgotten how to use.

Ahhhh, that's an interesting approach. And I'm sorry to hear the term cloaking used! But I do see the point. No: no cloaking! The content change consists only of the addition of a few details, which are not shown to the public eye, but only to our registered users. I wasn't clear enough on that from the beginning.

If you want that hidden (logged in stuff) to remain pristine then you can't let g see it.

BUT, and take this to the bank, g MIGHT consider this cloaked. You need to be more specific as in setting up a paywall for that ADDITIONAL content.

That said, if the visitor is using Chrome, your hidden stuff will be found as that browser reports home.

I do take your point. But, then any site, which requires a login, Facebook, gmail itself, some webshops require a login to see prices and purchase, is a potential cloaker. Or? They/we deliver a service, which a user must login to use. Nothing that never was seen before. Hence I don't see the deceptive element.

Has G ever said, anywhere, that showing different/additional content to logged-in users only counts as cloaking? The idea behind the “cloaking” issue is that if people click a search-engine link, they should see what the search engine saw, because otherwise the site has been deceptive. Seems to me it’s only cloaking if non-logged-in users also get served different content than what you showed to the search-engine robot.

At the risk of topic drift: Setting aside the issue of entire pages that require a login to be seen at all (not because I don't think it's important but because it's a whole nother issue), there are potentially three kinds of content
1. what the search engine sees
2. what the non-logged-in user sees
3. what the logged-in user sees
If #1 is significantly different from both #2 and #3, that's cloaking. And then you can argue about whether #1 should match #2 or whether it's OK to match #3 instead.

"If #1 is significantly different from both #2 and #3, that's cloaking."

Great contribution. As we're not even close to this situationen, I'm now officially unconcerned about this topic. And, I won't be concerned with duplicate content, either. As I now feel assured, even if SE's should encounter content B, the changes are so miniscule, they either wouldn't care or even notice.

Thanks for all your input!