Add warning log when rejecting requests with unknown session IDs

nielskaspers · claude · nielskaspers · commit 29e17be9a550 · 2026-03-06T11:18:33.000+02:00
The else branch in _handle_stateful_request silently returned 404 for unknown or expired session IDs, while the other branches logged at debug/info level. This made it difficult to diagnose connection failures caused by stale session IDs (e.g. after server restarts). Closes #2204 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/src/mcp/server/streamable_http_manager.py b/src/mcp/server/streamable_http_manager.py
@@ -272,6 +272,10 @@ async def run_server(*, task_status: TaskStatus[None] = anyio.TASK_STATUS_IGNORE
             # Unknown or expired session ID - return 404 per MCP spec
             # TODO: Align error code once spec clarifies
             # See: https://github.com/modelcontextprotocol/python-sdk/issues/1821
+            logger.warning(
+                "Rejected request with unknown or expired session ID: %s",
+                request_mcp_session_id,
+            )
             error_response = JSONRPCError(
                 jsonrpc="2.0",
                 id=None,
diff --git a/tests/server/test_streamable_http_manager.py b/tests/server/test_streamable_http_manager.py
@@ -1,6 +1,7 @@
 """Tests for StreamableHTTPSessionManager."""
 
 import json
+import logging
 from typing import Any
 from unittest.mock import AsyncMock, patch
 
@@ -269,7 +270,7 @@ async def mock_receive():
 
 
 @pytest.mark.anyio
-async def test_unknown_session_id_returns_404():
+async def test_unknown_session_id_returns_404(caplog: pytest.LogCaptureFixture):
     """Test that requests with unknown session IDs return HTTP 404 per MCP spec."""
     app = Server("test-unknown-session")
     manager = StreamableHTTPSessionManager(app=app)
@@ -299,7 +300,14 @@ async def mock_send(message: Message):
         async def mock_receive():
             return {"type": "http.request", "body": b"{}", "more_body": False}  # pragma: no cover
 
-        await manager.handle_request(scope, mock_receive, mock_send)
+        with caplog.at_level(logging.WARNING, logger="mcp.server.streamable_http_manager"):
+            await manager.handle_request(scope, mock_receive, mock_send)
+
+        # Verify warning was logged for the unknown session ID
+        assert any(
+            "non-existent-session-id" in record.message and record.levelno == logging.WARNING
+            for record in caplog.records
+        ), "Should log a warning for unknown session ID"
 
         # Find the response start message
         response_start = next(
