Age Verification Script - Client or Server Side?
A site I’m currently working on requires an age verification check for all site visitors. No, not porn - it’s a website for an alcoholic beverage, so all users must be of legal drinking age. The process is simple: new users to the site must choose “yes” to the question “are you of legal drinking age?”, and if so they are allowed access to the site’s content.
I elected to build this age verification script on the server side, using PHP. The script checks if a cookie is present: if it is, the user is let in; if it isn’t, the user is redirected to the yes/no page.
It then occurred to me that search engine bots will be blocked from accessing the site, since bots do not hold cookies as they crawl. So I borrowed a basic script from the Internets that checks for major search engine bots, and if any of those were detected, they were allowed to skip the age verification question.
However now I’m wondering, should I have simply built the script in Javascript instead? Bots cannot run javascript, so all bots would be allowed to crawl the site, without any ugly hacking.
Of course this means that any user (young or old) who is browsing with Javascript turned off will also have unfettered access to the site.
(…thinking about it…)
I’m sticking with my guns on this one that server side is the better solution for this project, and here’s why: It’s more important to keep underage visitors out of the site than to let every search engine bot in.
Unless you think I’ve missed something?
