Skip to content

Commit 1572bc3

Browse files
authored
fix: return 404 instead of 400 for invalid session IDs (#689)
Per MCP specification, invalid/expired session IDs should return HTTP 404 Not Found so clients can detect and re-initialize sessions.
1 parent dcebd20 commit 1572bc3

File tree

2 files changed

+6
-6
lines changed

2 files changed

+6
-6
lines changed

server/streamable_http.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -345,7 +345,7 @@ func (s *StreamableHTTPServer) handlePost(w http.ResponseWriter, r *http.Request
345345
sessionID = r.Header.Get(HeaderKeySessionID)
346346
isTerminated, err := sessionIdManager.Validate(sessionID)
347347
if err != nil {
348-
http.Error(w, "Invalid session ID", http.StatusBadRequest)
348+
http.Error(w, "Invalid session ID", http.StatusNotFound)
349349
return
350350
}
351351
if isTerminated {
@@ -734,7 +734,7 @@ func (s *StreamableHTTPServer) handleSamplingResponse(w http.ResponseWriter, r *
734734
sessionIdManager := s.sessionIdManagerResolver.ResolveSessionIdManager(r)
735735
isTerminated, err := sessionIdManager.Validate(sessionID)
736736
if err != nil {
737-
http.Error(w, "Invalid session ID", http.StatusBadRequest)
737+
http.Error(w, "Invalid session ID", http.StatusNotFound)
738738
return err
739739
}
740740
if isTerminated {

server/streamable_http_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -255,8 +255,8 @@ func TestStreamableHTTP_POST_SendAndReceive(t *testing.T) {
255255
}
256256
defer resp.Body.Close()
257257

258-
if resp.StatusCode != 400 {
259-
t.Errorf("Expected status 400, got %d", resp.StatusCode)
258+
if resp.StatusCode != http.StatusNotFound {
259+
t.Errorf("Expected status 404, got %d", resp.StatusCode)
260260
}
261261
})
262262

@@ -1458,8 +1458,8 @@ func TestStreamableHTTP_SessionValidation(t *testing.T) {
14581458
}
14591459
defer resp.Body.Close()
14601460

1461-
if resp.StatusCode != http.StatusBadRequest {
1462-
t.Errorf("Expected status 400, got %d", resp.StatusCode)
1461+
if resp.StatusCode != http.StatusNotFound {
1462+
t.Errorf("Expected status 404, got %d", resp.StatusCode)
14631463
}
14641464

14651465
body, _ := io.ReadAll(resp.Body)

0 commit comments

Comments
 (0)