Update security_best_practices.mdx

localden · web-flow · commit 1f7a2339f4eb · 2025-06-13T20:42:10.000-07:00
diff --git a/docs/specification/draft/basic/security_best_practices.mdx b/docs/specification/draft/basic/security_best_practices.mdx
@@ -228,4 +228,3 @@ MCP servers **SHOULD** bind session IDs to user-specific information.
 When storing or transmitting session-related data (e.g., in a queue), combine the session ID with information unique to the authorized user, such as their internal user ID. Use a key format like `<user_id>:<session_id>`. This ensures that even if an attacker guesses a session ID, they cannot impersonate another user as the user ID is derived from the user token and not provided by the client.
 
 MCP servers can optionally leverage additional unique identifiers.
-Where appropriate, consider incorporating other unique attributes into the session key, such as the source IP address. This adds another layer of defense, making it more difficult for attackers to hijack sessions from different locations.

Original file line number	Diff line number	Diff line change
`@@ -228,4 +228,3 @@ MCP servers SHOULD bind session IDs to user-specific information.`
`228`	`228`	When storing or transmitting session-related data (e.g., in a queue), combine the session ID with information unique to the authorized user, such as their internal user ID. Use a key format like `<user_id>:<session_id>`. This ensures that even if an attacker guesses a session ID, they cannot impersonate another user as the user ID is derived from the user token and not provided by the client.
`229`	`229`
`230`	`230`	`MCP servers can optionally leverage additional unique identifiers.`
`231`		`-Where appropriate, consider incorporating other unique attributes into the session key, such as the source IP address. This adds another layer of defense, making it more difficult for attackers to hijack sessions from different locations.`