The problem you mention with session IDs. I understand that, as commonly used, they can be spider traps, but they are also the only reliable way to do personalization without relying on cookies, java or javascript.
Okay, that's not true. You can custom-build each URL, but that's even worse for search engines than SIDs. And there's HTML authentication, but ... hmmm, what was wrong with HTML authentication again?