kotlin-sdk-server/io.modelcontextprotocol.kotlin.sdk.server/StreamableHttpServerTransport

StreamableHttpServerTransport

class StreamableHttpServerTransport(enableJsonResponse: Boolean = false, enableDnsRebindingProtection: Boolean = false, allowedHosts: List<String>? = null, allowedOrigins: List<String>? = null, eventStore: EventStore? = null, retryIntervalMillis: Long? = null) : AbstractTransport(source)

Server transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification. It supports both SSE streaming and direct HTTP responses.

In stateful mode:

Session ID is generated and included in response headers
Session ID is always included in initialization responses
Requests with invalid session IDs are rejected with 404 Not Found
Non-initialization requests without a session ID are rejected with 400 Bad Request
State is maintained in-memory (connections, message history)

In stateless mode:

No Session ID is included in any responses
No session validation is performed

Parameters

enableJsonResponse

If true, the server will return JSON responses instead of starting an SSE stream. This can be useful for simple request/response scenarios without streaming. Default is false (SSE streams are preferred).

enableDnsRebindingProtection

Enable DNS rebinding protection (requires allowedHosts and/or allowedOrigins to be configured). Default is false for backwards compatibility.

allowedHosts

List of allowed host header values for DNS rebinding protection. If not specified, host validation is disabled.

allowedOrigins

List of allowed origin header values for DNS rebinding protection. If not specified, origin validation is disabled.

eventStore

Event store for resumability support If provided, resumability will be enabled, allowing clients to reconnect and resume messages

retryIntervalMillis

Retry interval (in milliseconds) advertised via SSE priming events to hint the client when to reconnect. Applies only when an eventStore is configured. Defaults to null (no retry hint).

Constructors

StreamableHttpServerTransport

constructor(enableJsonResponse: Boolean = false, enableDnsRebindingProtection: Boolean = false, allowedHosts: List<String>? = null, allowedOrigins: List<String>? = null, eventStore: EventStore? = null, retryIntervalMillis: Long? = null)

Properties

sessionId

var sessionId: String?

Functions

open suspend override fun close()

closeSseStream

suspend fun closeSseStream(requestId: RequestId)

Closes the SSE stream associated with the given requestId, prompting the client to reconnect. Useful for implementing polling behavior for long-running operations.

handleDeleteRequest

suspend fun handleDeleteRequest(call: ApplicationCall)

handleGetRequest

suspend fun handleGetRequest(session: ServerSSESession?, call: ApplicationCall)

handlePostRequest

suspend fun handlePostRequest(session: ServerSSESession?, call: ApplicationCall)

Handles POST requests containing JSON-RPC messages

handleRequest

suspend fun handleRequest(session: ServerSSESession?, call: ApplicationCall)

Handles an incoming HTTP request, whether GET, POST or DELETE

onClose

open override fun onClose(block: () -> Unit)

onError

open override fun onError(block: (Throwable) -> Unit)

onMessage

open override fun onMessage(block: suspend (JSONRPCMessage) -> Unit)

send

open suspend override fun send(message: JSONRPCMessage, options: TransportSendOptions?)

setOnSessionClosed

fun setOnSessionClosed(block: (String) -> Unit?)

A callback for session close events This is called when the server closes a session due to a DELETE request. Useful in cases when you need to clean up resources associated with the session. Note that this is different from the transport closing, if you are handling HTTP requests from multiple nodes you might want to close each StreamableHTTPServerTransport after a request is completed while still keeping the session open/running.

setOnSessionInitialized

fun setOnSessionInitialized(block: (String) -> Unit?)

A callback for session initialization events This is called when the server initializes a new session. Useful in cases when you need to register multiple mcp sessions and need to keep track of them.

setSessionIdGenerator

fun setSessionIdGenerator(block: () -> String?)

Function that generates a session ID for the transport. The session ID SHOULD be globally unique and cryptographically secure (e.g., a securely generated UUID, a JWT, or a cryptographic hash)

start

open suspend override fun start()