Skip to content

mcp: support stateless streamable sessions#277

Merged
jba merged 1 commit intomodelcontextprotocol:mainfrom
findleyr:streamable
Aug 11, 2025
Merged

mcp: support stateless streamable sessions#277
jba merged 1 commit intomodelcontextprotocol:mainfrom
findleyr:streamable

Conversation

@findleyr
Copy link
Contributor

@findleyr findleyr commented Aug 9, 2025

Support stateless streamable sessions by adding a GetSessionID function to StreamableHTTPOptions. If GetSessionID returns "", the session is stateless, and no validation is performed. This is implemented by providing the session a trivial initialization state.

To implement this, some parts of #232 (distributed sessions) are copied over, since they add an API for creating an already-initialized session.

In total, the following new API is added:

  • StreamableHTTPOptions.GetSessionID
  • ServerSessionOptions (a new parameter to Server.Connect)
  • ServerSessionState
  • ClientSessionOptions (a new parameter to Client.Connect, for symmetry)

For #10

@findleyr findleyr force-pushed the streamable branch 2 times, most recently from d4960e8 to 4c93089 Compare August 9, 2025 22:29
@findleyr findleyr requested review from jba and samthanawalla August 9, 2025 22:31
@findleyr findleyr mentioned this pull request Aug 9, 2025
Closed
jba
jba reviewed Aug 11, 2025
View reviewed changes
Copy link
Contributor

@jba jba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused about why the server is choosing statelessness. I thought there is some mechanism by which the client forces it, for example by sending a tool call without initialization.

mcp/streamable.go Outdated
@@ -45,6 +45,12 @@ type StreamableHTTPHandler struct {
// StreamableHTTPOptions is a placeholder options struct for future
Copy link
Contributor

@jba jba Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no longer just a placeholder

@findleyr
mcp: support stateless streamable sessions
642268d 
Support stateless streamable sessions by adding a GetSessionID function
to StreamableHTTPOptions. If GetSessionID returns "", the session is
stateless, and no validation is performed. This is implemented by
providing the session a trivial initialization state.

To implement this, some parts of modelcontextprotocol#232 (distributed sessions) are copied
over, since they add an API for creating an already-initialized session.

In total, the following new API is added:
- StreamableHTTPOptions.GetSessionID
- ServerSessionOptions (a new parameter to Server.Connect)
- ServerSessionState
- ClientSessionOptions (a new parameter to Client.Connect, for symmetry)

For modelcontextprotocol#10

Co-Authored-By: [email protected]
@findleyr findleyr mentioned this pull request Aug 11, 2025
Open
jba
jba approved these changes Aug 11, 2025
View reviewed changes
Copy link
Contributor

@jba jba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment, ca be addressed in a followup.

mcp/streamable.go
// GetSessionID provides the next session ID to use for an incoming request.
//
// If GetSessionID returns an empty string, the session is 'stateless',
// meaning it is not persisted and no session validation is performed.
Copy link
Contributor

@jba jba Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Describe default.

@jba jba merged commit dae8853 into modelcontextprotocol:main Aug 11, 2025
6 checks passed
@BC-ACherednichenko
Copy link

BC-ACherednichenko commented Aug 12, 2025
edited
Loading

@findleyr @jba sorry a bit late on this PR, i see that session ID is still getting verified in case header is provided, is it intentional?
My thinknig process is that in case we are in a stateless mode we can skip validation regardless of headers and etc, and treat every request as a new one, fetching the header seems to be limiting this capability

	var session *StreamableServerTransport
	if id := req.Header.Get(sessionIDHeader); id != "" {
		h.sessionsMu.Lock()
		session, _ = h.sessions[id]
		h.sessionsMu.Unlock()
		if session == nil {
			http.Error(w, "session not found", http.StatusNotFound)
			return
		}
	}

Wanted to check with you here before jumping into the issue

@findleyr
Copy link
Contributor Author

findleyr commented Aug 13, 2025

@BC-ACherednichenko but why would the client provide a session ID if the server didn't return one? I guess I'm not understanding the use-case.

@BC-ACherednichenko
Copy link

BC-ACherednichenko commented Aug 13, 2025

@findleyr it is still related to the #148, since we put on ice the distributed sessions interface we have been wondering if it is possible to solve this problem via stateless mode

In particular, if stateless mode could be completely without session validation or etc (sort of you pass the flag, and sdk acts as if sessions did not exist at all), the mcp-session-id emission, management and distributed storage could have been moved to tools middleware layer (upper layer of the server).

Currently it reacts right away on the service header mcp-session-id, which i feel can be more flexible and could be managed at the concrete server implementation discretion

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jba jba jba approved these changes

@samthanawalla samthanawalla Awaiting requested review from samthanawalla

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@findleyr @BC-ACherednichenko @jba