Skip to content

SEP-1372: Clarifying Semantics of Behavior Without Initialization #1372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ZachGerman wants to merge 12 commits into from
Closed

SEP-1372: Clarifying Semantics of Behavior Without Initialization #1372

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
d54a81c
Account for bypassing of initialization
Aug 21, 2025
8cd6446
Update docs/specification/draft/basic/transports.mdx
ZachGerman Sep 29, 2025
2d8b382
Merge branch 'main' into skippable-initialization
ZachGerman Sep 29, 2025
a334963
Update docs/specification/draft/basic/transports.mdx
ZachGerman Sep 30, 2025
abd6891
Merge branch 'main' into skippable-initialization
ZachGerman Sep 30, 2025
542e4c6
Merge branch 'modelcontextprotocol:main' into skippable-initialization
ZachGerman Oct 2, 2025
5ace833
improved wording for 404 response handling
Oct 2, 2025
ab6f0b3
Add explicit initialization bypass rejection note
Oct 2, 2025
8341818
Merge branch 'main' into skippable-initialization
ZachGerman Oct 2, 2025
56c841a
Update docs/specification/draft/basic/transports.mdx
ZachGerman Oct 23, 2025
9ef44f9
Update docs/specification/draft/basic/transports.mdx
ZachGerman Oct 23, 2025
99f3ec1
Update docs/specification/draft/basic/transports.mdx
ZachGerman Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion docs/specification/draft/basic/lifecycle.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,12 @@ sequenceDiagram

### Initialization

The initialization phase **MUST** be the first interaction between client and server.
The initialization phase **SHOULD** be the first interaction between client and server.
Bypassing initialization is appropriate when the client has prior knowledge of, and accounts for,
the protocol versions, capabilities, and initialization bypass support of all servers it interacts with.
Comment thread
ZachGerman marked this conversation as resolved.

A server MAY reject any attempt to bypass the initialize phase in a manner appropriate for the underlying transport.

During this phase, the client and server:

- Establish protocol version compatibility
Expand Down
8 changes: 4 additions & 4 deletions docs/specification/draft/basic/transports.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,14 +186,14 @@ servers which want to establish stateful sessions:
0x7E).
2. If an `Mcp-Session-Id` is returned by the server during initialization, clients using
the Streamable HTTP transport **MUST** include it in the `Mcp-Session-Id` header on
all of their subsequent HTTP requests.
all of their subsequent HTTP requests meant for that session.
- Servers that require a session ID **SHOULD** respond to requests without an
`Mcp-Session-Id` header (other than initialization) with HTTP 400 Bad Request.
3. The server **MAY** terminate the session at any time, after which it **MUST** respond
to requests containing that session ID with HTTP 404 Not Found.
4. When a client receives HTTP 404 in response to a request containing an
`Mcp-Session-Id`, it **MUST** start a new session by sending a new `InitializeRequest`
without a session ID attached.
4. When a client receives HTTP 404 in response to a request containing an `Mcp-Session-Id`,
it **MUST** stop using that `Mcp-Sesssion-Id` and **SHOULD** start a new session by
sending a new `InitializeRequest` without a session ID attached.

@simonrussell simonrussell Oct 9, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does InitializeRequest need to be used here? If it's not needed to establish the first session, is it necessary for the second one? (This could just be "start a new session by omitting the Mcp-Session-Id header)

@mikekistler mikekistler Oct 23, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current spec only allows sessions to be established by InitializeRequest, and we should not expand that in this PR (I'm backing out changes that allowed this).

Comment on lines +195 to +196

@mikekistler mikekistler Oct 9, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ZachGerman @simonrussell what do you think of this revision?

Suggested change
it **MUST** stop using that `Mcp-Sesssion-Id` and **SHOULD** start a new session by
sending a new `InitializeRequest` without a session ID attached.
it **MUST** stop using that `Mcp-Sesssion-Id` and **SHOULD** start a new session for
interactions that are logicially related.

@simonrussell simonrussell Oct 10, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure that's quite right because the client can't start a new session, it can only stop using a previous session. I think it needs to be more along the lines of "sending a new request without a session ID attached"

@ZachGerman ZachGerman Oct 10, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on client's not really "starting" sessions, but "utilizing" them when an ID is offered by the server, which is being done either through initialization or by sending a request without a session ID attached. Maybe something like:

   it **MUST** stop using that `Mcp-Sesssion-Id` and **SHOULD** utilize a new session for
   subsequent interactions meant to be logicially related.

5. Clients that no longer need a particular session (e.g., because the user is leaving
the client application) **SHOULD** send an HTTP DELETE to the MCP endpoint with the
`Mcp-Session-Id` header, to explicitly terminate the session.
Expand Down