Obfuscate session cookie values for JSON output as well as HTML

Author: markt-asf

webapps/docs/changelog.xml

@@ -246,6 +246,10 @@
         Examples. Fix broken links when Servlet Request Info example is called
         via a URL that includes a pathInfo component. (markt)
       </fix>
+      <fix>
+        Examples. Expand the obfuscation of session cookie values in the request
+        header example to JSON responses. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name = "Other">

webapps/examples/WEB-INF/classes/RequestHeaderExample.java

@@ -73,7 +73,7 @@ protected boolean prefersJSON(String acceptHeader) {
 
             // text/html, application/html, etc.
             if (accept.contains("html")) {
-                return false;
+                return true;
             }
         }
         return false;
@@ -138,8 +138,20 @@ protected void renderJSON(HttpServletRequest request, HttpServletResponse respon
             String headerName = e.nextElement();
             String headerValue = request.getHeader(headerName);
 
-            out.append("{\"").append(JSONFilter.escape(headerName)).append("\":\"")
-                    .append(JSONFilter.escape(headerValue)).append("\"}");
+            out.append("{\"").append(JSONFilter.escape(headerName)).append("\":\"");
+
+
+            if (headerName.toLowerCase(Locale.ENGLISH).contains("cookie")) {
+                HttpSession session = request.getSession(false);
+                String sessionId = null;
+                if (session != null) {
+                    sessionId = session.getId();
+                }
+                out.append(JSONFilter.escape(CookieFilter.filter(headerValue, sessionId)));
+            } else {
+                out.append(JSONFilter.escape(headerValue));
+            }
+            out.append("\"}");
 
             if (e.hasMoreElements()) {
                 out.append(',');