You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/basic/transports.md
+26-10Lines changed: 26 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -117,14 +117,20 @@ like `https://example.com/mcp`.
117
117
### Session Management
118
118
119
119
Where a client desires to share a single logical session across multiple requests, it
120
-
**MAY** attach an `Mcp-Session-Id` HTTP header to its requests. This permits resumability
121
-
and maintenance of session state across separate POSTs.
120
+
**MAY** attach an `Mcp-Session-Id` HTTP header to its requests. This permits maintenance
121
+
of session state across separate POSTs.
122
122
123
123
1. It is the client's responsibility to generate or select the session ID.
124
124
2. This session ID **SHOULD** be globally unique and cryptographically secure (e.g., a
125
125
UUID or a JWT), unless it is specifically desired to share a session ID across users
126
126
or clients.
127
127
3. The server **MAY** use this header to associate state with the logical session.
128
+
- If the server agrees to re-establish an existing session, it **MUST** include a
129
+
`Mcp-Session-Status: resumed` HTTP header in its response.
130
+
- If the server begins a new session associated with the session ID, it **MUST**
131
+
include a `Mcp-Session-Status: created` HTTP header in its response.
132
+
- The server **MAY** delete session state at any time; however, it **MUST NOT**
133
+
prevent the same session ID from creating a new session again in future.
128
134
4. If [authorization]({{< ref "authorization" >}}) is used _and_ the server makes use of
129
135
the `Mcp-Session-Id` header:
130
136
- The server **SHOULD** bind the session ID to the authorization context, and return
@@ -143,14 +149,24 @@ and maintenance of session state across separate POSTs.
143
149
144
150
### Resumability and Redelivery
145
151
146
-
To support resuming broken connections, and redelivering messages that might otherwise be lost:
147
-
148
-
1. Servers **MAY** attach an `id` field to their SSE events, as described in the [SSE standard](https://html.spec.whatwg.org/multipage/server-sent-events.html#event-stream-interpretation).
149
-
- If present, the ID **MUST** be globally unique across all streams within that [session](#session-management)—or all streams with that specific client, if session management is not in use.
150
-
2. After a broken connection, clients **MAY** include a [`Last-Event-ID`](https://html.spec.whatwg.org/multipage/server-sent-events.html#the-last-event-id-header) header when opening a new SSE stream, to indicate the last event ID they received.
151
-
- The server **MAY** use this header to replay messages that were sent after the last event ID, and to resume the stream from that point.
152
-
3. Clients **MUST NOT** include a `Last-Event-ID` header when connecting _additional_ SSE streams within the session, while at least one remains connected.
153
-
- The server **SHOULD** interpret the presence of this header as indicating that any other streams which _nominally_ remain open are in fact dead, and should be terminated.
152
+
To support resuming broken connections, and redelivering messages that might otherwise be
153
+
lost:
154
+
155
+
1. Servers **MAY** attach an `id` field to their SSE events, as described in the
0 commit comments