diff --git a/lib/mcp/server/transports/streamable_http_transport.rb b/lib/mcp/server/transports/streamable_http_transport.rb index ca640c6..6e9dd09 100644 --- a/lib/mcp/server/transports/streamable_http_transport.rb +++ b/lib/mcp/server/transports/streamable_http_transport.rb @@ -259,8 +259,7 @@ def handle_accepted def handle_regular_request(body_string, session_id) unless @stateless - # If session ID is provided, but not in the sessions hash, return an error - if session_id && !@sessions.key?(session_id) + if session_id && !session_exists?(session_id) return session_not_found_response end end diff --git a/test/mcp/server/transports/streamable_http_transport_test.rb b/test/mcp/server/transports/streamable_http_transport_test.rb index 1f6310b..abeb2e5 100644 --- a/test/mcp/server/transports/streamable_http_transport_test.rb +++ b/test/mcp/server/transports/streamable_http_transport_test.rb @@ -1222,6 +1222,31 @@ class StreamableHTTPTransportTest < ActiveSupport::TestCase assert_equal([], response[2]) end + test "handle_regular_request checks session existence under mutex" do + init_request = create_rack_request( + "POST", + "/", + { "CONTENT_TYPE" => "application/json" }, + { jsonrpc: "2.0", method: "initialize", id: "init" }.to_json, + ) + init_response = @transport.handle_request(init_request) + session_id = init_response[1]["Mcp-Session-Id"] + + @transport.expects(:session_exists?).with(session_id).returns(true) + + request = create_rack_request( + "POST", + "/", + { + "CONTENT_TYPE" => "application/json", + "HTTP_MCP_SESSION_ID" => session_id, + }, + { jsonrpc: "2.0", method: "ping", id: "456" }.to_json, + ) + response = @transport.handle_request(request) + assert_equal(200, response[0]) + end + private def create_rack_request(method, path, headers, body = nil)