diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 57dbdf7c80a1..87270a984347 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -246,6 +246,10 @@
Examples. Fix broken links when Servlet Request Info example is called
via a URL that includes a pathInfo component. (markt)
+
+ Examples. Expand the obfuscation of session cookie values in the request
+ header example to JSON responses. (markt)
+
diff --git a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
index 993a4463d4c8..db6e4b10c51f 100644
--- a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
+++ b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
@@ -73,7 +73,7 @@ protected boolean prefersJSON(String acceptHeader) {
// text/html, application/html, etc.
if (accept.contains("html")) {
- return false;
+ return true;
}
}
return false;
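Review bot: The html branch now returns `true`, so an Accept entry containing "html" makes `prefersJSON` report a JSON preference, which contradicts the method name and the `// text/html, application/html, etc.` comment directly above it. Neither the changelog entry nor the renderJSON change in this commit calls for this, so it looks like a leftover from exercising the JSON path in a browser; I would restore `return false;` here. If the flip is intentional, the comment should state why html clients are now served JSON. The start of the method and of its loop lie outside the hunk.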
@@ -138,8 +138,20 @@ protected void renderJSON(HttpServletRequest request, HttpServletResponse respon
String headerName = e.nextElement();
String headerValue = request.getHeader(headerName);
- out.append("{\"").append(JSONFilter.escape(headerName)).append("\":\"")
- .append(JSONFilter.escape(headerValue)).append("\"}");
+ out.append("{\"").append(JSONFilter.escape(headerName)).append("\":\"");
+
+
+ if (headerName.toLowerCase(Locale.ENGLISH).contains("cookie")) {
+ HttpSession session = request.getSession(false);
+ String sessionId = null;
+ if (session != null) {
+ sessionId = session.getId();
+ }
+ out.append(JSONFilter.escape(CookieFilter.filter(headerValue, sessionId)));
+ } else {
+ out.append(JSONFilter.escape(headerValue));
+ }
+ out.append("\"}");
if (e.hasMoreElements()) {
out.append(',');
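Review bot: The `else` branch still writes every other header verbatim, so credential-bearing headers such as `Authorization` or `Proxy-Authorization` would be echoed into the JSON body unmasked; only names containing "cookie" reach `CookieFilter.filter`. If that scope is intended for this example, a comment such as `// Only cookie headers are obfuscated; all other headers are echoed as sent` would make it explicit. The changelog entry implies the HTML renderer already carries the same cookie branch, so moving it into one private helper called from both renderers would keep the two outputs from drifting apart again. The two consecutive blank lines added after the first `out.append` can be reduced to one. The loop enclosing these lines starts and ends outside the hunk.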