Session::save() crashes when $data property is never initialized #273
Description
Description
Mcp\Server\Session\Session::save() throws a TypeError when $data is accessed before initialization on a newly created session that has never had data set.
Error: Typed property Mcp\Server\Session\Session::$data must not be accessed before initialization
Stack Trace
Mcp\Server\Session\Session::save()
→ return $this->store->write($this->id, json_encode($this->data, JSON_THROW_ON_ERROR));
Mcp\Server\Protocol::processInput()
→ $session->save();
Mcp\Server\Transport\BaseTransport::handleMessage()
→ ($this->messageListener)($this, $payload, $sessionId);
Mcp\Server\Transport\StreamableHttpTransport::handlePostRequest()
→ $this->handleMessage($body, $this->sessionId);
Environment
- mcp/sdk version: v0.4.0
- PHP version: 8.5.4
- Transport: StreamableHttpTransport (HTTP Streamable)
- Runtime: FrankenPHP
- Framework: Symfony 8 with
symfony/mcp-bundle
Steps to Reproduce
- Configure an MCP server endpoint using StreamableHttpTransport
- Send a valid POST request to the MCP endpoint (e.g.
initializemethod) - The server processes the message and calls
Protocol::processInput() processInput()calls$session->save()Session::save()accesses$this->datawhich was never initialized → TypeError
Root Cause
In Session.php line 54, $this->data is a typed property that is accessed in save() without checking if it has been initialized. When a new session is created and processInput() triggers a save() before any data has been explicitly set, the property is still uninitialized.
Suggested Fix
Initialize $data with a default value in the property declaration:
private array $data = [];Or add a null check / initialization in the save() method:
public function save(): bool
{
if (!isset($this->data)) {
return true; // Nothing to persist
}
return $this->store->write($this->id, json_encode($this->data, JSON_THROW_ON_ERROR));
}