88#include < chrono>
99#include < httplib.h>
1010#include < iomanip>
11- #include < iostream>
1211#include < random>
1312#include < sstream>
1413
@@ -353,12 +352,12 @@ bool StreamableHttpServerWrapper::start()
353352 apply_additional_response_headers (res);
354353
355354 res.status = 405 ;
356- res.set_header (" Allow" " POST"
355+ res.set_header (" Allow" " POST, DELETE, OPTIONS "
357356 res.set_header (" Content-Type" " application/json"
358357
359358 fastmcpp::Json error_response = {
360359 {" error" " Method Not Allowed"
361- {" message" " The MCP endpoint only supports POST requests."
360+ {" message" " The MCP endpoint only supports POST and DELETE requests."
362361
363362 res.set_content (error_response.dump (), " application/json"
364363 });
@@ -372,16 +371,32 @@ bool StreamableHttpServerWrapper::start()
372371 {
373372 apply_additional_response_headers (res);
374373
375- // If an Mcp-Session-Id header is provided, terminate that session.
376374 auto session_it = req.headers .find (" Mcp-Session-Id"
377- if (session_it != req.headers .end ())
375+ if (session_it == req.headers .end () || session_it->second .empty ())
376+ {
377+ res.status = 400 ;
378+ res.set_content (" {\" error\" :\" Mcp-Session-Id header required\" }"
379+ " application/json"
380+ return ;
381+ }
382+
383+ const std::string& session_id = session_it->second ;
384+ bool did_remove = false ;
378385 {
379- const std::string& session_id = session_it->second ;
380386 std::lock_guard<std::mutex> lock (sessions_mutex_);
381- sessions_.erase (session_id);
387+ did_remove = sessions_.erase (session_id) > 0 ;
382388 }
383389
384- res.status = 204 ; // No Content
390+ if (did_remove)
391+ {
392+ res.status = 204 ; // No Content
393+ }
394+ else
395+ {
396+ res.status = 404 ;
397+ res.set_content (" {\" error\" :\" Invalid or expired session\" }"
398+ " application/json"
399+ }
385400 });
386401
387402 running_ = true ;
0 commit comments