I want to insert my visitor's IP info into my MySQL table. I'm using the jQuery Post method to do this. Here is my code:

Main_page.php

```php
<?php
if(!isset($_SESSION['v_Id']) || empty($_SESSION['v_Id'])) {
echo '<script>
    $.get("https://ipapi.co/json", function (response) {
    /*
    var ip = response.ip,
        country = response.country_name,
        isp = response.org,
        timezone = response.timezone,
        calling_code = response.country_calling_code,
        language = response.languages;
    alert(ip);
    alert(country);
    alert(isp);
    alert(language);
    alert(calling_code);
    alert(timezone);
    */
    $.post("./saveData", {
            ip: response.ip,
            country: response.country_name,
            isp: response.org,
            timezone: response.timezone,
            calling_code: response.country_calling_code,
            language: response.languages
        }, function(data, status){
        console.log("Data: " + data + "\nStatus: " + status);
    });
});
</script>';
}
?>
```

saveData.php

```php
<?php
include 'config.php';
$date  = date('Y-m-d H:i:s', time());
// from my assets class to generate a unique string
$Id = $assets->randomString(15, 1, "upper_case,numbers");
$id = $Id[0];
$form_id = filter_var($_POST['form_id'], FILTER_SANITIZE_STRING);
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$ip = filter_var($_POST['ip'], FILTER_SANITIZE_STRING);
$country = filter_var($_POST['country'], FILTER_SANITIZE_STRING);
$isp = filter_var($_POST['isp'], FILTER_SANITIZE_STRING);
$calling_code = filter_var($_POST['calling_code'], FILTER_SANITIZE_STRING);
$timezone = filter_var($_POST['timezone'], FILTER_SANITIZE_STRING);
$t_ins = $conn->prepare("INSERT INTO visits(ip, country, isp, calling_code, timezone, time, visit_id) VALUES(?, ?, ?, ?, ?, ?, ?)");
$t_ins->bind_param("sssssss", $ip, $country, $isp, $calling_code, $timezone, $date, $id);
if($t_ins->execute()){
    $_SESSION["v_Id"] = $id;
}
?>
```

My PHP code is working fine, but every time I refresh my Main_page.php, the JS code is executing even when the session is set.

Dharman
  • You can get the connecting person's IP using $_SERVER["REMOTE_ADDR"] in PHP. Also none of your code shows you starting a session. – John Dec 02 '20 at 07:51
  • @John - That's a bit of a simplification. If the server is behind a proxy/load balancer or similar, then REMOTE_ADDR would most likely be the proxy/load balancer instead of the client IP. – M. Eriksson Dec 02 '20 at 07:52
  • @MagnusEriksson trusting the client to tell you the IP via a post request is insecure and unreliable. – John Dec 02 '20 at 07:54
  • @John - When did I say that they should use the IP from the post data? You told them to use REMOTE_ADDR and I just pointed out that REMOTE_ADDR doesn't always contain the client's IP (like if you're behind a proxy/load balancer/reverse proxy etc.) To get the client IP in PHP: https://stackoverflow.com/questions/1634782/what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php – M. Eriksson Dec 02 '20 at 08:13
  • Just add on saveData.php `if(!isset($_SESSION['v_Id'])){ your exec code here }` – FSodic Dec 02 '20 at 09:11

1 Answer

You are missing the session_start(); header. You should start the session first.

Gazmend Sahiti
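
The points raised in the comments (REMOTE_ADDR versus a proxy, and not trusting an IP sent in POST data) together with the session check, as an added example that is not code from the question or the answer. `TRUSTED_PROXIES`, `clientIp()` and `isNewVisit()` are hypothetical names, and all addresses are constructed sample values.

```php
<?php
// Added example, not the asker's code. TRUSTED_PROXIES is an assumed
// deployment value: the addresses of your own reverse proxies.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Client address as seen by the server. X-Forwarded-For is honoured only when
// the direct peer is a trusted proxy, and is read right to left so entries a
// client prepended are never reached.
function clientIp(array $server, array $trusted = TRUSTED_PROXIES): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;               // direct connection: the header is not trustworthy
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;           // malformed chain: fall back to the peer
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;            // first hop not operated by us
        }
    }
    return $peer;
}

// True when this session has no recorded visit yet; starts the session if needed.
function isNewVisit(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return empty($_SESSION['v_Id']);
}

// Constructed sample inputs (documentation-range addresses).
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5',
            'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 198.51.100.23, 10.0.0.6'];

var_dump(clientIp($direct));    // forged header from an untrusted peer is ignored
var_dump(clientIp($proxied));   // proxy-appended hop wins over the client-prepended one
```

In saveData.php the insert would run only when `isNewVisit()` is true and would bind `clientIp($_SERVER)` instead of `$_POST['ip']`.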