Angry Monkey (jwm) wrote in greasemonkies,
Angry Monkey

How to find the currently logged in user name.

As of about a month ago, Livejournal changed it's session cookies to fix some XSS related security holes, and a side effect of those changes have been that the user name has disappeared from the cookies and been replaced with the user id number (see here for the details of the new cookie layout).

This is a bit of a nuisance for greasemonkey scripts; several popular scripts, such as Instant Comment, relied on knowing the name of the user, and you can't simply look up id to user name mappings without the right permissions on LJ.

However, the user name of the currently logged in user isn't a secret, either; it appears at the top of every page as part of the logout form. My solution for finding the user name is to do a GM_xmlhttpRequest against the login.bml page and parse the hidden user field out of the log out form. Roughly, the order of action is:

  1. Pull the user id out of the ljloggedin cookie that's visible to all livejournal subdomains.
  2. Look up that uid against values we've previously stored. If we find a match, we're done.
  3. If not, we need to fetch the login page.
  4. On load, parse out the hidden input field with the user name
  5. Set the newly established uid->name mapping
  6. Return the name

The spanner in the works is that GM_xmlhttpRequest is asynchronous. I worked around this by passing the function that calls GM_xmlhttpRequest a callback function that it runs when the onload or onerror events are triggered, which sets the result and state back into global variables of your choice.

The initial getUser function takes that callback function and returns true if it has an immediate answer, false otherwise, in which case you need to use setTimeout to call a function that will check the global user name and state until a final answer is made, at which point, it can continue to do whatever it was that needed the user name.

The demonstration script is here at I've tested it on Firefox 1.0.7, greasemonkey 0.5.3, so let me know the results on any other versions. Coding suggestions welcome.

  • Post a new comment


    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.