You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have checked that this question would not be more appropriate as an issue in a specific repository
I have searched existing discussions and documentation for answers
Question Category
Protocol Specification
SDK Usage
Server Implementation
General Implementation
Documentation
Other
Your Question
Relations between incoming Requesting User and MCP Session Id
As far as I checked, the standard does not specify if a single MCP Session Id can only serve a single user.
Additionally a User may have multiple authorization tokens, either in the same time, or regenerated due to expiration.
Should the specification add a requirement that a single MCP Session MUST Serve only a single User?
If this is not a requirement, but for security purposes it is a requirement, what's the expected behavior from the server?
What are the best practices for the relations between the different incoming Authorization Tokens and the MCP Session id? Note that a single Client may use the same session with different authorization tokens at the same time according to the current standard.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Model Context Protocol
Uh oh!
There was an error while loading. Please reload this page.
-
Pre-submission Checklist
Question Category
Your Question
Relations between incoming Requesting User and MCP Session Id
As far as I checked, the standard does not specify if a single MCP Session Id can only serve a single user.
Additionally a User may have multiple authorization tokens, either in the same time, or regenerated due to expiration.
Beta Was this translation helpful? Give feedback.
All reactions