Add sessionID to RequestHandlerExtra type for tool invocations so multi-user services can distinguish users

[jwvictor]

Added a sessionID field to the RequestHandlerExtra data that gets passed to tool callbacks, and wired it through from the transport session ID. Exposed the sessionID field on the abstract Transport interface.

Motivation and Context

This allows multi-user SSE-based MCP servers distinguish which user is invoking the tool based on their session ID (which in turn can be mapped to any data derived from the authentication token passed in HTTP headers).

Without this change, tool callbacks being served over SSE can't tell which user is making the request.

How Has This Been Tested?

Made a test service and tested it with Inspector. The tool callback was able to resolve the user ID associated with the requester's API key by using a map from session ID to user ID.

Breaking Changes

No.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

N/A

[jspahrsummers]

Thanks, good idea! Just the one comment. If you're able to add a test for this as well, that would be stellar—but not a blocker.

[jspahrsummers]

Can you please add a docstring here?

[jwvictor]

You bet, I'll take a look this afternoon

[jwvictor]

Hey sir - added a test and a doc string, let me know if you need anything else!

[avi1mizrahi]

👍 for this, we also got into the same problem with the same fix

[jspahrsummers]

Very sorry, we've been underwater recently. Looks good—thank you!