
Commit cbe631d

corvid-agentclaude
andcommitted
fix(examples): use 404 status for invalid session IDs
Per the MCP spec, servers should respond with 404 when presented with an invalid session ID, so clients know to start a new session. The examples incorrectly used 400 for this case. Closes #389 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 65bbcea commit cbe631d

6 files changed

Lines changed: 21 additions & 21 deletions

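--- a/examples/server/src/elicitationFormExample.ts
+++ b/examples/server/src/elicitationFormExample.ts
@@ -361,11 +361,11 @@ async function main() {
 return;
 } else {
 // Invalid request - no session ID or not initialization request
-res.status(400).json({
+res.status(404).json({
 jsonrpc: '2.0',
 error: {
 code: -32_000,
-message: 'Bad Request: No valid session ID provided'
+message: 'Not Found: No valid session ID provided'
 },
 id: null
 });
@@ -395,7 +395,7 @@ async function main() {
 const mcpGetHandler = async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 
@@ -410,7 +410,7 @@ async function main() {
 const mcpDeleteHandler = async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 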
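Review bot: The POST fallback at new line 364 and the GET/DELETE guards at 398 and 413 now answer 404 for a missing `mcp-session-id` header as well as for an unknown one, and those are different conditions. As I read the MCP Streamable HTTP transport rules, a non-initialization request with no session header should still get 400, while 404 is reserved for an ID the server does not know, because a client that receives 404 is expected to start a new session. Splitting the guard keeps that signal unambiguous: `if (!sessionId) { res.status(400).send('Missing session ID'); return; }` ahead of the lookup, with 404 only for the failed lookup. The same combined condition appears in the other five example files in this commit; the POST branch's `if` chain starts outside the hunk, so the exact split there needs the full handler.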

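--- a/examples/server/src/elicitationUrlExample.ts
+++ b/examples/server/src/elicitationUrlExample.ts
@@ -608,11 +608,11 @@ const mcpPostHandler = async (req: Request, res: Response) => {
 return; // Already handled
 } else {
 // Invalid request - no session ID or not initialization request
-res.status(400).json({
+res.status(404).json({
 jsonrpc: '2.0',
 error: {
 code: -32_000,
-message: 'Bad Request: No valid session ID provided'
+message: 'Not Found: No valid session ID provided'
 },
 id: null
 });
@@ -644,7 +644,7 @@ app.post('/mcp', authMiddleware, mcpPostHandler);
 const mcpGetHandler = async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 
@@ -683,7 +683,7 @@ app.get('/mcp', authMiddleware, mcpGetHandler);
 const mcpDeleteHandler = async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 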
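Review bot: `transports[sessionId]` at new lines 646 and 685 indexes with a value taken straight from the request header. If `transports` is a plain object (its declaration is outside these hunks), a header value such as `constructor` or `__proto__` resolves to an inherited property, is truthy, and gets past the guard instead of producing the 404. The handler would then presumably call transport methods on something that is not a transport and fail with an unhandled error rather than a clean rejection. An own-property test closes that: `if (!sessionId || !Object.hasOwn(transports, sessionId)) {`, or keep the sessions in a `Map` and use `.get()`. The same lookup is in the GET/DELETE guards of the other example files in this commit.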

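--- a/examples/server/src/jsonResponseStreamableHttp.ts
+++ b/examples/server/src/jsonResponseStreamableHttp.ts
@@ -112,11 +112,11 @@ app.post('/mcp', async (req: Request, res: Response) => {
 return; // Already handled
 } else {
 // Invalid request - no session ID or not initialization request
-res.status(400).json({
+res.status(404).json({
 jsonrpc: '2.0',
 error: {
 code: -32_000,
-message: 'Bad Request: No valid session ID provided'
+message: 'Not Found: No valid session ID provided'
 },
 id: null
 });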

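--- a/examples/server/src/simpleStreamableHttp.ts
+++ b/examples/server/src/simpleStreamableHttp.ts
@@ -586,11 +586,11 @@ const mcpPostHandler = async (req: Request, res: Response) => {
 return; // Already handled
 } else {
 // Invalid request - no session ID or not initialization request
-res.status(400).json({
+res.status(404).json({
 jsonrpc: '2.0',
 error: {
 code: -32_000,
-message: 'Bad Request: No valid session ID provided'
+message: 'Not Found: No valid session ID provided'
 },
 id: null
 });
@@ -626,7 +626,7 @@ if (useOAuth && authMiddleware) {
 const mcpGetHandler = async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 
@@ -657,7 +657,7 @@ if (useOAuth && authMiddleware) {
 const mcpDeleteHandler = async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 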
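Review bot: The guards at new lines 628 and 659 accept any session ID that exists in `transports`, and nothing in these hunks ties the session to the caller that `authMiddleware` authenticated. With OAuth enabled, a DELETE carrying another client's session ID would pass the check as far as the visible lines show; the rest of both handlers is outside the hunk, so an ownership check may exist further down. If it does not, recording the authenticated subject when the session is initialized and comparing it here, answering with the same 404 on a mismatch, would keep the session ID from acting as a stand-alone credential. At minimum the example could carry a comment such as `// NOTE: session IDs are not bound to the authenticated user here; bind them before production use`.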

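--- a/examples/server/src/simpleTaskInteractive.ts
+++ b/examples/server/src/simpleTaskInteractive.ts
@@ -671,9 +671,9 @@ app.post('/mcp', async (req: Request, res: Response) => {
 await transport.handleRequest(req, res, req.body);
 return;
 } else {
-res.status(400).json({
+res.status(404).json({
 jsonrpc: '2.0',
-error: { code: -32_000, message: 'Bad Request: No valid session ID' },
+error: { code: -32_000, message: 'Not Found: No valid session ID' },
 id: null
 });
 return;
@@ -696,7 +696,7 @@ app.post('/mcp', async (req: Request, res: Response) => {
 app.get('/mcp', async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 
@@ -708,7 +708,7 @@ app.get('/mcp', async (req: Request, res: Response) => {
 app.delete('/mcp', async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 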

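--- a/examples/server/src/standaloneSseWithGetStreamableHttp.ts
+++ b/examples/server/src/standaloneSseWithGetStreamableHttp.ts
@@ -68,11 +68,11 @@ app.post('/mcp', async (req: Request, res: Response) => {
 return; // Already handled
 } else {
 // Invalid request - no session ID or not initialization request
-res.status(400).json({
+res.status(404).json({
 jsonrpc: '2.0',
 error: {
 code: -32_000,
-message: 'Bad Request: No valid session ID provided'
+message: 'Not Found: No valid session ID provided'
 },
 id: null
 });
@@ -100,7 +100,7 @@ app.post('/mcp', async (req: Request, res: Response) => {
 app.get('/mcp', async (req: Request, res: Response) => {
 const sessionId = req.headers['mcp-session-id'] as string | undefined;
 if (!sessionId || !transports[sessionId]) {
-res.status(400).send('Invalid or missing session ID');
+res.status(404).send('Invalid or missing session ID');
 return;
 }
 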
