From f0fbfc7fcbc1489177f5c81cad7f49ba88b8244e Mon Sep 17 00:00:00 2001 From: qikaigao <33371207+qikaigao@users.noreply.github.com> Date: Mon, 14 Apr 2025 00:46:13 -0700 Subject: [PATCH 1/3] StreamableHTTPServerTransport should only check init status when there is an sessionId When using stateless mode, the backend will create a new transport for each request. For new transport, the initialized filed is always false. So we should only check the initialized filed if there is session existing --- src/server/streamableHttp.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/streamableHttp.ts b/src/server/streamableHttp.ts index ec8d2aa73..fc13e7620 100644 --- a/src/server/streamableHttp.ts +++ b/src/server/streamableHttp.ts @@ -371,7 +371,7 @@ export class StreamableHTTPServerTransport implements Transport { * Returns true if the session is valid, false otherwise */ private validateSession(req: IncomingMessage, res: ServerResponse): boolean { - if (!this._initialized) { + if (this.sessionId && !this._initialized) { // If the server has not been initialized yet, reject all requests res.writeHead(400).end(JSON.stringify({ jsonrpc: "2.0", From 0058c30032991cbc8d9e26ac7430d5a9dc442015 Mon Sep 17 00:00:00 2001 From: qikaigao <33371207+qikaigao@users.noreply.github.com> Date: Thu, 17 Apr 2025 11:08:34 -0700 Subject: [PATCH 2/3] Update src/server/streamableHttp.ts Co-authored-by: Cliff Hall --- src/server/streamableHttp.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/server/streamableHttp.ts b/src/server/streamableHttp.ts index 78f3dcc54..a388b4ee3 100644 --- a/src/server/streamableHttp.ts +++ b/src/server/streamableHttp.ts @@ -463,7 +463,12 @@ export class StreamableHTTPServerTransport implements Transport { * Returns true if the session is valid, false otherwise */ private validateSession(req: IncomingMessage, res: ServerResponse): boolean { - if (this.sessionId && !this._initialized) { + if (this.sessionId === undefined) { + // If the session ID is not set, the session management is disabled + // and we don't need to validate the session ID + return true; + } + if (!this._initialized) { // If the server has not been initialized yet, reject all requests res.writeHead(400).end(JSON.stringify({ jsonrpc: "2.0", From 1df348710b78746126391c02ff27d93ceb24d688 Mon Sep 17 00:00:00 2001 From: qikaigao <33371207+qikaigao@users.noreply.github.com> Date: Thu, 17 Apr 2025 15:38:12 -0700 Subject: [PATCH 3/3] Update streamableHttp.ts --- src/server/streamableHttp.ts | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/server/streamableHttp.ts b/src/server/streamableHttp.ts index a388b4ee3..dfaeed7bc 100644 --- a/src/server/streamableHttp.ts +++ b/src/server/streamableHttp.ts @@ -480,11 +480,7 @@ export class StreamableHTTPServerTransport implements Transport { })); return false; } - if (this.sessionId === undefined) { - // If the session ID is not set, the session management is disabled - // and we don't need to validate the session ID - return true; - } + const sessionId = req.headers["mcp-session-id"]; if (!sessionId) {