Username="1024"...



  • I just found this Javascript gem on the web site of one of the larger mutual fund groups in Denmark.

    "Brugernavn" is Danish for "Username".

    
    <script language="javascript" type="text/javascript">

    function setCookie(Navncookie, value, expiredays)
    { var ExpireDate = new Date ();
    ExpireDate.setTime(ExpireDate.getTime() + (expiredays * 24 * 3600 * 1000));
    document.cookie = Navncookie + "=" + escape(value) +
    ((expiredays == null) ? "" : "; expires=" + ExpireDate.toGMTString());

    }
    if(window.screen.width == "800"){
    inputBrugernavn = '800'
    setCookie('Brugernavn',inputBrugernavn,365)
    }else{
    inputBrugernavn = '1024'
    setCookie('Brugernavn',inputBrugernavn,365)
    }
    function ChanceFrameSet(){
    if(window.screen.width == "800"){
    document.getElementById("MidtFrame").rows = "91,*,20"
    }
    }
    </script>

    I can't help but wonder what the server-side code processing the cookie looks like...


  • Considered Harmful

    The cookie just seems to be a value of the user's screen resolution.  It looks like they check for 800 pixels wide specifically and assume anything else is 1024x768.  They probably have a narrow version of the site for users with 800x600 resolution, and they resize the (ugh) frameset accordingly.

    Still, the underlying logic is naive if not outright stupid; and assuming your translation is correct, the variable name is misleading.  It looks like code straight out of the 1990's.
     



  • The chances of the width being exactly 800, even on a 800x600 monitor is very remote. First you have to assume that the window is both maximised and borderless and that the is no vertical scroll bar taking up room. The should be a >= or <= in there somewhere, or better yet write the actual window width into the cookie and process accordingly.



  • I like the way that ExpireDate is created and set prior to the test for expiredays==null :)



  • @DAL1978 said:

    The chances of the width being exactly 800, even on a 800x600 monitor is very remote.

    Not so... it uses window.screen.width which refers to the screen itself, not the browser window.  Of course it's still bad practise to make these assumptions... sometimes I think I must be the only person in the world who doesn't browse at full screen!  Even some developers I know, when they get their wide screen 4000x3000 monitor on the go, still browse at full screen... words fail me.
     



  • @versatilia said:

    @DAL1978 said:

    The chances of the width being exactly 800, even on a 800x600 monitor is very remote.

    Not so... it uses window.screen.width which refers to the screen itself, not the browser window.  Of course it's still bad practise to make these assumptions... sometimes I think I must be the only person in the world who doesn't browse at full screen!  Even some developers I know, when they get their wide screen 4000x3000 monitor on the go, still browse at full screen... words fail me.
     

    High res means zoomability.

    I maximise at 1600*1200 and scale text by two or three clicks, in FFX.

    It is better. 



  • I'm pretty sure that The Real WTF (tm) is that the user's screen resolution is being stored in a cookie called "Username". This is either an incredibly stupid mixup, or a somewhat-clever honeypot for spyware programs trying to muck around in your cookies. (But how many spyware programs speak Dutch?)



  • The next website i'll make will have the following javascript:
     
    if(window.screen.width == "800") ADMIN=true;
     
    THE PERFECT SECURITY! 


  • But then they could just set their resolution to 800x600 and they'd have admin access.



  • well.. nobody uses 800x600 anymore

    =P
     


  • Discourse touched me in a no-no place

    Well I use 800x1200 so I'll be alright...



  • @jaspax said:

    I'm pretty sure that The Real WTF (tm) is that the user's screen resolution is being stored in a cookie called "Username". This is either an incredibly stupid mixup, or a somewhat-clever honeypot for spyware programs trying to muck around in your cookies. (But how many spyware programs speak Dutch?)

    Yeah, that was the WTF I was referring to. Judging by the quality of the HTML and Javascript on the site, I would be surprised if it was a honeypot :) It's Danish btw, I wouldn't be able to understand Dutch if my life depended on it :)



  • @jaspax said:

    (But how many spyware programs speak Dutch?)

    Quite a few, actually. However, this one's Danish, not Dutch. The Dutch word is 'Gebruikersnaam'. 



  • @dhromed said:

    @versatilia said:
    @DAL1978 said:
    The chances of the width being exactly 800, even on a 800x600 monitor is very remote.
    Not so... it uses window.screen.width which refers to the screen itself, not the browser window.  Of course it's still bad practise to make these assumptions... sometimes I think I must be the only person in the world who doesn't browse at full screen!  Even some developers I know, when they get their wide screen 4000x3000 monitor on the go, still browse at full screen... words fail me.
    High res means zoomability.

    I maximise at 1600*1200 and scale text by two or three clicks, in FFX.

    It is better.

    I run 1680 x 1050 at home, and I typically run with two browsers side-by-side, so each would have 840 pixels of width. I hate websites that are designed for full-screen browsing at 1024 pixels of width at minimum. I don't understand why people have this need to make websites a certain width, especially such an impractical width.



  • @Ametheus said:

    @jaspax said:

    (But how many spyware programs speak Dutch?)

    Quite a few, actually. However, this one's Danish, not Dutch. The Dutch word is 'Gebruikersnaam'. 

    I find it interesting that you can still see the commonality between:

    Bruger - navn

    Gebruikers - naam

    I know the two languages share quite a few common roots, though I have to admit that even though I'm half fluent in Dutch, Dansih still sounds like a language from another planet :) 


Log in to reply