Skip to content

add basic sessionid support #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 21, 2025
Merged

add basic sessionid support #58

merged 4 commits into from
Sep 21, 2025

Conversation

ashleyhindle
Copy link
Collaborator

@ashleyhindle ashleyhindle commented Sep 21, 2025
edited
Loading

What & Why

Adds basic session support to allow a non-authed MCP connection to have some level of persistence.

This PR generates a session id on 'initialize', then makes it available in the Mcp\Request class, so each primitive can access it via: $request->sessionId()

Docs: https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#session-management

Most important parts of the docs for this = server can set a session id, client must send it on every request:

A server using the Streamable HTTP transport MAY assign a session ID at initialization time, by including it in an Mcp-Session-Id header on the HTTP response containing the InitializeResult

If an Mcp-Session-Id is returned by the server during initialization, clients using the Streamable HTTP transport MUST include it in the Mcp-Session-Id header on all of their subsequent HTTP requests.

How I tested

  1. Setup an MCP server called Escapa in Claude Code and Cursor
  2. Asked for the session id, then checked the session IDs were different
  3. Re-asked for the session id, got the same one back - we now have session support.

So now I can store data against that session in my tools/etc.. 👌

Notes/thoughts

Now

  • I don't like passing sessionId as part of the transport. It's only supported via the HttpTransport really, but I didn't want to 'undo' it from other transports.
  • I'm 100% confident that 'session' is part of the generic MCP Request though

Future

  • In future we should add a Session object like HTTP, with differently backed sessions, but this is useful enough for now.
  • This would allow us to have 'session context/data' like we do on the web, but probably need to generate more secure session IDs

Demo

CleanShot 2025-09-21 at 09 26 15@2x

@ashleyhindle
feat: add session support
78ae8bb 
Generate an initial session id on 'initialize', then put it in the
Mcp\Request so primitives can make use of it

In future we should add a Session object like HTTP, with differently
backed sessions, but this is useful enough for now
@ashleyhindle
fix: relax Transport contract for backwards compatibility
cc245de
@ashleyhindle
feat: add sessionid to transport contract
4e4379b
@ashleyhindle ashleyhindle marked this pull request as draft September 21, 2025 08:35
@ashleyhindle ashleyhindle marked this pull request as ready for review September 21, 2025 09:09
@taylorotwell taylorotwell merged commit 4a8286a into main Sep 21, 2025
18 checks passed
@taylorotwell taylorotwell deleted the add-basic-sessionid-support branch September 21, 2025 15:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ashleyhindle @taylorotwell