MCP Python SDK sessionId not maintained in browser with TypeScript SDK client #764
Description
please move this issue into modelcontextprotocol/typescript-sdk issue
issue
Initial Checks
- I confirm that I'm using the latest version of MCP Python SDK
- I confirm that I searched for my issue in https://github.com/modelcontextprotocol/python-sdk/issues before opening this issue
Description
[BUG] MCP Python SDK sessionId not maintained in browser with TypeScript SDK client
Issue: MCP Python SDK as Server, TypeScript SDK as Client – Node.js works, browser session management fails
Description
When using the official MCP Python SDK (fastmcp) as the server and the TypeScript SDK as the client, session management (mcp-session-id) works correctly in Node.js, but fails in browser environments. This results in repeated "Missing session ID" errors or lost sessions for every request.
Environment
- Server: MCP Python SDK (
fastmcp),streamable_http_app, Starlette/uvicorn - Client: TypeScript SDK (
@modelcontextprotocol/sdk),StreamableHTTPClientTransport - Node.js: Session management works out of the box
- Browser (React/Vitest): Session cannot be maintained
- All code is reverted to official logic, no monkey patching or custom fetch
Key Code Snippets
Server (http-server-streamable.py):
app = mcp.streamable_http_app()
app.add_middleware(
CORSMiddleware,
allow_origins=["http://localhost:3000"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"]
)
uvicorn.run(app, host="127.0.0.1", port=8000)Client (mcpService.ts):
// MCPService (browser and Node.js):
const transport = new StreamableHTTPClientTransport(new URL(this.url));
await mcp.connect(transport);
// In browser, MCPService does not automatically manage sessionId between requests.
// The first response from the server includes Mcp-Session-Id, but MCPService does not persist or inject it for subsequent requests.
// In Node.js, sessionId is managed via cookies and works as expected.Test Case (mcp-streamable-browser.test.ts):
import { describe, it, expect } from 'vitest';
import { MCPService } from '../../../engine/service/mcpService';
describe('MCPService streamable http tool list', () => {
it('should fetch tool list from MCP Python server', async () => {
const mcp = new MCPService('http://127.0.0.1:8000/mcp', 'STREAMABLE_HTTP');
const result = await Promise.race([
mcp.listTools(),
new Promise<{ data: null; error: string }>(resolve => setTimeout(() => resolve({ data: null, error: 'timeout' }), 5000))
]);
const { data, error } = result as { data: any; error: any };
console.log('Tool list:', data, error);
console.log('SessionId:', mcp['transport']?.sessionId);
});
});Steps to Reproduce
- Start MCP Python server with the CORS config above (expose_headers tried, but does not help).
- The SDK makes two requests: the first response from the server includes a valid
Mcp-Session-Idheader, but the client does not send the sessionId in the header for the second request, causing session management to fail. - Same code in Node.js maintains sessionId correctly.
Expected Behavior
- Browser environment should maintain session just like Node.js, with
mcp-session-idcorrectly read and reused, so all requests are in the same session.
Request
- Please confirm if there is a bug in the TypeScript SDK sessionId handling for browsers, or a compatibility issue in the Python SDK server.
- Please provide best practices or a fix for browser session management.
Log Output
Please see the following log output for reference:
1st fetch 200ok
{"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"mcp-client","version":"1.0.0"}},"jsonrpc":"2.0","id":0}
response header
...
mcp-session-id:68709f581d3740ae82a3dcb523f0ac8c
...
request header (dont have mcp-session-id)
2st fetch 400 Bad Request
{"method":"notifications/initialized","jsonrpc":"2.0"}
{
"jsonrpc": "2.0",
"id": "server-error",
"error": {
"code": -32600,
"message": "Bad Request: Missing session ID"
}
}
response header
...
mcp-session-id:44295e965b524e97b45ccf6351201c13
...
request header (dont have mcp-session-id)
nodejs test log out
Tool list: [ ... ] undefined ([explain,not test log] sucess get toollist,no error)
SessionId: a9911fbfa8fa4eb78dad791b2dddfc33
Python & MCP Python SDK
python
python version 3.12
mcp 1.9.2
typescript
@modelcontextprotocol/sdk": "^1.13.0
node version v22.17.0
Other information
When both the MCP server and client use the official TypeScript SDK, session management works as expected.