Skip to content

Commit bf473f4

Browse files
Copilotstephentoub
Copilot
and
stephentoub
committed
Fix DELETE handler: validate protocol version before removing session
Use TryGetValue to check version first, then TryRemove to actually delete. This prevents losing the session if validation fails. Co-authored-by: stephentoub <2642209+stephentoub@users.noreply.github.com>
1 parent 04eec1c commit bf473f4

1 file changed

Lines changed: 5 additions & 2 deletions

File tree

src/ModelContextProtocol.AspNetCore/StreamableHttpHandler.cs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -185,15 +185,18 @@ private static async Task HandleResumePostResponseStreamAsync(HttpContext contex
185185
public async Task HandleDeleteRequestAsync(HttpContext context)
186186
{
187187
var sessionId = context.Request.Headers[McpSessionIdHeaderName].ToString();
188-
if (sessionManager.TryRemove(sessionId, out var session))
188+
if (sessionManager.TryGetValue(sessionId, out var session))
189189
{
190190
if (!ValidateProtocolVersionHeader(context, session.Server, out var errorMessage))
191191
{
192192
await WriteJsonRpcErrorAsync(context, errorMessage!, StatusCodes.Status400BadRequest);
193193
return;
194194
}
195195

196-
await session.DisposeAsync();
196+
if (sessionManager.TryRemove(sessionId, out session))
197+
{
198+
await session.DisposeAsync();
199+
}
197200
}
198201
}
199202

0 commit comments

Comments
 (0)