# The Session Conductor (Connecting to WhatsApp) > How OpenWA handles the magic of logging in: launching the Chromium browser behind the scenes, showing a QR code to scan, and keeping the connection alive like a persistent web socket. - Repository: rmyndharis/OpenWA - GitHub: https://github.com/rmyndharis/OpenWA - Human wiki: https://grok-wiki.com/public/wiki/rmyndharis-openwa-2c9996a09a22 - Complete Markdown: https://grok-wiki.com/public/wiki/rmyndharis-openwa-2c9996a09a22/llms-full.txt ## Source Files - `src/modules/session/session.controller.ts` - `src/modules/session/session.service.ts` - `src/engine/engine.factory.ts` - `src/engine/adapters/whatsapp-web-js.adapter.ts` ---
Relevant source files The following files were used as context for generating this wiki page: - [src/modules/session/session.controller.ts](src/modules/session/session.controller.ts) - [src/modules/session/session.service.ts](src/modules/session/session.service.ts) - [src/engine/engine.factory.ts](src/engine/engine.factory.ts) - [src/engine/adapters/whatsapp-web-js.adapter.ts](src/engine/adapters/whatsapp-web-js.adapter.ts) - [src/modules/session/entities/session.entity.ts](src/modules/session/entities/session.entity.ts) - [src/plugins/engines/whatsapp-web-js/index.ts](src/plugins/engines/whatsapp-web-js/index.ts)
# The Session Conductor (Connecting to WhatsApp) OpenWA acts as an intelligent coordinator for WhatsApp Web sessions, handling the complexities of browser automation, credential management, and real-time state synchronization. Decoupling application logic from the underlying browser instance ensures that WhatsApp connections remain stable, secure, and highly available. At the core of this system is the **Session Conductor** workflow. It orchestrates headless Chromium browser instances behind the scenes using Puppeteer, translates raw credential strings into scannable QR codes, and employs a robust exponential backoff retry mechanism to heal broken connections automatically. --- ## 1. Introduction For production-grade systems, maintaining stable, long-running connections to WhatsApp Web presents a unique set of challenges. Browser crashes, network timeouts, credential expiration, and sleep-state disconnections are commonplace. To mitigate these risks, OpenWA encapsulates the session lifecycle in a dedicated orchestration layer. Rather than exposing complex browser internals directly to developers, OpenWA wraps session state changes in clean, API-accessible endpoints, pushes real-time notifications via WebSockets and webhooks, and manages auto-reconnections gracefully under the hood. Sources: [src/modules/session/session.service.ts:28-46]() --- ## 2. Session States & Lifecycle Orchestration OpenWA handles session status updates using a structured state machine mapped in a persistent relational database. Every connection progresses through defined lifecycle states, enabling operators to track browser boots, scans, and failures in real time. ### Database State Transitions | State Name | Database String | Description | | :--- | :--- | :--- | | **Created** | `created` | Session record is stored in the database but the browser has not been spawned. | | **Initializing** | `initializing` | Puppeteer is launching Chromium and prepping dependencies in the background. | | **QR Ready** | `qr_ready` | Chromium successfully loaded the WhatsApp Web app and exposed an authentication QR code. | | **Authenticating** | `authenticating` | The QR code was scanned and the credential exchange is being validated by WhatsApp servers. | | **Ready** | `ready` | Credentials verified. The session is active, fully connected, and ready to send/receive messages. | | **Disconnected** | `disconnected` | Connection was stopped by the operator or lost due to network/browser disruption. | | **Failed** | `failed` | The initialization or credential handshakes crashed or timed out terminally. | ### Lifecycle State Machine Diagram ```mermaid stateDiagram-v2 [*] --> created: Session Created created --> initializing: Operator Starts Session (API) initializing --> qr_ready: WhatsApp Requests Auth (QR Code) qr_ready --> authenticating: User Scans QR authenticating --> ready: Credentials Verified initializing --> ready: Session Restored (LocalAuth Cache) ready --> disconnected: Connection Lost / Stopped disconnected --> initializing: Reconnection Triggered (Backoff) initializing --> failed: Critical Puppeteer / Auth Failure authenticating --> failed: Verification Timeout ``` Sources: [src/modules/session/entities/session.entity.ts:5-13](), [src/modules/session/session.service.ts:337-350]() --- ## 3. Spawning the Sandbox: Puppeteer & Chromium Launch OpenWA implements a decoupled driver system that relies on plugins and adapter patterns to interface with automation libraries. When a session starts, OpenWA invokes the active engine plugin (defaulting to the built-in `whatsapp-web.js` engine wrapper) to create a concrete engine instance. ### Headless Browser Initialization The adapter initializes a Puppeteer-controlled headless Chromium instance. To guarantee high performance, security, and resource isolation inside containerized environments (like Docker), the engine initializes the client with explicit sandboxing and performance flags: ```typescript // Location: src/engine/adapters/whatsapp-web-js.adapter.ts const puppeteerArgs = this.config.puppeteer?.args || [ '--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage', '--disable-accelerated-2d-canvas', '--no-first-run', '--no-zygote', '--disable-gpu', ]; ``` ### Proxy Support and Sandboxing Controls If the session configuration contains proxy credentials, the adapter dynamically injects the `--proxy-server` argument into Puppeteer's startup array. To prevent requiring QR code scans upon every single browser boot, OpenWA leverages a `LocalAuth` strategy. When initialized, the adapter maps a caching directory (`./data/sessions`) segmented by `clientId`. This cache retains all WhatsApp session tokens, indexed database states, and localStorage details on disk. When the browser launches next time, it restores the session invisibly, bypassing the QR scan phase entirely and transitioning straight from `initializing` to `ready`. ```typescript // Location: src/engine/adapters/whatsapp-web-js.adapter.ts this.client = new Client({ authStrategy: new LocalAuth({ clientId: this.config.sessionId, dataPath: path.resolve(this.config.sessionDataPath), }), puppeteer: { headless: this.config.puppeteer?.headless ?? true, args: puppeteerArgs, }, }); ``` Sources: [src/engine/adapters/whatsapp-web-js.adapter.ts:71-107](), [src/plugins/engines/whatsapp-web-js/index.ts:36-62](), [src/engine/engine.factory.ts:94-110]() --- ## 4. Serving the Credentials: QR Code Generation When WhatsApp Web requires a new device pairing, it issues a raw string containing the pairing token. The session coordinator captures this event, renders it, and exposes it through API and gateway layers. ### The QR Code Handshake 1. **Capture raw QR code**: The adapter listens to the `qr` event from the underlying automation client. 2. **Convert to Data URL**: Rather than storing raw strings, OpenWA converts the token into a base64-encoded Data URL using the `qrcode` library. 3. **Notify Subscribers**: The database record transitions to `qr_ready`, and the adapter calls `onQRCode(qrCode)` to trigger internal Hooks and emit real-time WebSocket state changes to all listening clients. 4. **API Polling/Retrieval**: The frontend retrieves the base64 QR payload by hitting the `GET /sessions/:id/qr` endpoint, rendering the visual code instantly for end-user scanning. ```typescript // Location: src/engine/adapters/whatsapp-web-js.adapter.ts this.client.on('qr', async (qr: string) => { try { this.qrCode = await qrcode.toDataURL(qr); this.setStatus(EngineStatus.QR_READY); this.callbacks.onQRCode?.(this.qrCode); } catch (error) { this.logger.error('Error generating QR code', String(error)); } }); ``` Sources: [src/engine/adapters/whatsapp-web-js.adapter.ts:114-122](), [src/modules/session/session.service.ts:440-461]() --- ## 5. Persistence and Resilience: Auto-Reconnection & Heartbeats To operate robustly without manual intervention, OpenWA implements automated self-healing. When a network hiccup or WebSocket drop severs the connection, the engine catches the drop and begins a graceful recovery flow. ### Exponential Backoff Reconnection Logic When a session drops, the adapter triggers the `onDisconnected` callback. The `SessionService` schedules a reconnection timer based on an exponential backoff algorithm with added random jitter. This jitter prevents "thundering herd" problems where multiple disconnected sessions hammer the network at exact simultaneous intervals: $$\text{Delay} = \text{baseDelay} \times 2^{\text{attempts}} + \text{Random Jitter (0-1000ms)}$$ ```typescript // Location: src/modules/session/session.service.ts private scheduleReconnect(id: string, session: Session): void { const state = this.reconnectStates.get(id); if (!state) return; if (state.attempts >= state.maxAttempts) { this.logger.error(`Max reconnect attempts reached for session: ${session.name}`, undefined, { sessionId: id, attempts: state.attempts, action: 'reconnect_failed', }); return; } // Exponential backoff: baseDelay * 2^attempts (with jitter) const delay = state.baseDelay * Math.pow(2, state.attempts) + Math.random() * 1000; state.attempts++; state.timer = setTimeout(() => { void this.executeReconnect(id, session, state); }, delay); } ``` During `executeReconnect`, the system destroys the old adapter instance, releases Puppeteer resources, launches a fresh engine, and initiates a clean Chromium launch. ### Real-Time Event Sync via WebSockets and Webhooks To keep external dashboards and downstream services in sync during connections, disconnections, and errors, OpenWA leverages two distinct communication structures: * **WebSockets (`EventsGateway`)**: Emits real-time state changes (`emitSessionStatus`) so front-end dashboards update their connection meters instantly without API polling. * **Webhooks (`WebhookService`)**: Dispatches secure HTTP POST webhooks to downstream external platforms, alerting them of disconnect actions or incoming message payloads immediately. Sources: [src/modules/session/session.service.ts:20-25](), [src/modules/session/session.service.ts:315-386]() --- ## 6. Architecture Flow Blueprint The following sequence diagram maps out how an API call to start a session maps into a running browser, handles QR code pairing, and establishes messages event routing: ```mermaid sequenceDiagram autonumber participant API as API Client / Dashboard participant Ctrl as SessionController participant Svc as SessionService participant Fact as EngineFactory participant Adp as WhatsAppWebJsAdapter participant Pupp as Puppeteer (Chromium) API->>Ctrl: POST /sessions/:id/start Ctrl->>Svc: start(id) Svc->>Fact: create(options) Fact-->>Svc: returns WhatsAppWebJsAdapter Svc->>Adp: initialize(callbacks) Adp->>Pupp: Launch headless Chromium with LocalAuth Pupp-->>Adp: Browser instance active alt Session data not found / expired (Fresh Pairing) Adp-->>Svc: onQRCode(qrCode) Svc->>API: Emit 'session:qr' via WebSocket / Update DB to 'qr_ready' else Session data restored from disk (Auto-Login) Adp-->>Svc: onReady(phone, pushName) Svc->>API: Emit 'session:ready' via WebSocket / Update DB to 'ready' end Note over Pupp, Adp: User scans QR if needed, session transitions to Ready alt Inbound Message Event Pupp->>Adp: Raw message event Adp->>Svc: onMessage(IncomingMessage) Svc->>Svc: Execute Plugin Hooks Svc->>API: Dispatch HTTP Webhook & WebSocket Event end ``` Sources: [src/modules/session/session.controller.ts:94-114](), [src/modules/session/session.service.ts:220-354]() --- ## 7. Developer Conventions & Multi-Engine Portability To keep the platform's architecture clean, provider-neutral, and extensible, OpenWA structures its engine layers around interfaces. The `EngineFactory` queries registered engine plugins dynamically from the `PluginLoaderService` using a portable system. Developers looking to introduce alternative connection mechanisms (e.g., Baileys or native web-socket wrappers) can implement the standard `IWhatsAppEngine` interface and register their plugin under `PluginType.ENGINE`. This ensures the session orchestrator remains entirely unaffected by changes to underlying browser drivers or protocol implementations, keeping the repository's core logic lean and fully modular. Sources: [src/engine/engine.factory.ts:15-25](), [src/engine/engine.factory.ts:63-81]()