Still get QRcode even while using remote auth

[CHR-onicles]

Is there an existing issue for this?

• [X] I have searched the existing issues

Describe the bug

After running for about 6-7 days, it appears the session saved in mongodb expires, prompting a QRcode scan in heroku. This has happened consistently for the past 3 weeks, and sometimes scanning doesn't work; so I have to manually delete the session saved in my mongo database, rescan and wait for remote auth to save the session, after which it works perfectly, but again just for a week.

Expected behavior

QRcode should not appear, and session should restore itself continuously

Steps to Reproduce the Bug or Issue

1. Enable remote auth
2. Run in Heroku for a week or 2

Relevant Code

No response

Browser Type

Chromium

WhatsApp Account Type

Standard

Does your WhatsApp account have multidevice enabled?

Yes, I am using Multi Device

Environment

OS: Linux, the bug occurs on Heroku's dynos which run Linux but my OS is Win 10 and there are no local problems Phone OS: Android Whatsapp-web.js: v1.17.1 Whatsapp web: v2.2232.8 Node.js: v18.7.0

Additional context

No response

[jtouris]

Hey! I think this problem is more related to WhatsApp sessions expiring than a bug related to RemoteAuth's implementation.

WWebjs sessions don't last forever, they usually have a limited TTL that causes them to expire eventually. It could last a month, weeks or days. When this happens, you will be prompted with the QR code to re authenticate but not because there is a bug with the library itself, but because there is not a valid session to restore anymore.

[CHR-onicles]

Hey! I think this problem is more related to WhatsApp sessions expiring than a bug related to RemoteAuth's implementation.

WWebjs sessions don't last forever, they usually have a limited TTL that causes them to expire eventually. It could last a month, weeks or days. When this happens, you will be prompted with the QR code to re authenticate but not because there is a bug with the library itself, but because there is not a valid session to restore anymore.

Interesting, I see. So I still have to scan periodically :( although it might be a while before I need to scan because of Remote Auth

[000ph]

Same issue, but it requires the qrcode scan every restart.

[jtouris]

Same issue, but it requires the qrcode scan every restart.

You are probably not using it correctly, make sure your session is being saved on your database. Please read carefully through the documentation:

Subscribing to Remote Session Saved Event: After the initial QR scan to link the device, RemoteAuth takes about 1 minute to successfully save the WhatsApp session into the remote database, therefore the ready event does not mean the session has been saved yet.

In order to listen to this event, you can now use the following:

client.on('remote_session_saved', () => {
    //Do Stuff...
}

[luiscuriel]

Hey! I think this problem is more related to WhatsApp sessions expiring than a bug related to RemoteAuth's implementation.

WWebjs sessions don't last forever, they usually have a limited TTL that causes them to expire eventually. It could last a month, weeks or days. When this happens, you will be prompted with the QR code to re authenticate but not because there is a bug with the library itself, but because there is not a valid session to restore anymore.

I am sorry but this is not true. Whatsapp web works forever without reescanning as long as you login every X days. If you hare facing that you need to re-scan QR codes frequently there is a bug in your code or whatsapp-web code (which it is because the sessions gets corrupt randomly and this is a well known reported bug)

[jtouris]

Hey! I think this problem is more related to WhatsApp sessions expiring than a bug related to RemoteAuth's implementation. WWebjs sessions don't last forever, they usually have a limited TTL that causes them to expire eventually. It could last a month, weeks or days. When this happens, you will be prompted with the QR code to re authenticate but not because there is a bug with the library itself, but because there is not a valid session to restore anymore.

I am sorry but this is not true. Whatsapp web works forever without reescanning as long as you login every X days. If you hare facing that you need to re-scan QR codes frequently there is a bug in your code or whatsapp-web code (which it is because the sessions gets corrupt randomly and this is a well known reported bug)

First of all, I said WWebjs sessions not WhatsApp web which of course are different in multiple ways (like WhatsApp web being official and wwebjs isn’t - lol).

Also, this “bug” of sessions expiring while using the library also happens while using LocalAuth , which is why I said this is not a RemoteAuth specific issue..

So yes, what I said is indeed true and if you want feel free to investigate further 🙂 sessions get corrupted and are no longer recoverable even if you are using LocalAuth on your local machine.

[luiscuriel]

Hey! I think this problem is more related to WhatsApp sessions expiring than a bug related to RemoteAuth's implementation. WWebjs sessions don't last forever, they usually have a limited TTL that causes them to expire eventually. It could last a month, weeks or days. When this happens, you will be prompted with the QR code to re authenticate but not because there is a bug with the library itself, but because there is not a valid session to restore anymore.

I am sorry but this is not true. Whatsapp web works forever without reescanning as long as you login every X days. If you hare facing that you need to re-scan QR codes frequently there is a bug in your code or whatsapp-web code (which it is because the sessions gets corrupt randomly and this is a well known reported bug)

First of all, I said WWebjs sessions not WhatsApp web which of course are different in multiple ways (like WhatsApp web being official and wwebjs isn’t - lol).

Also, this “bug” of sessions expiring while using the library also happens while using LocalAuth , which is why I said this is not a RemoteAuth specific issue..

So yes, what I said is indeed true and if you want feel free to investigate further 🙂 sessions get corrupted and are no longer recoverable even if you are using LocalAuth on your local machine.

Again... sorry but nope. I have been using whatsapp web libraries for javascript and nodejs for several years.

This is a BUG related to the way the session in multidevice is stored in multiple files instead of a simple auth key in a json. Whatsapp web and this library uses the same code to manage the whatsapp session through the browser. This library is just an injection of code to interact with the browser and the stores methods and variables.

The session gets lost using localauth and remoteauth because the bug is not related to where you store the files.

You can believe what you want, but if you login everyday you should NOT have to re-scan the code NEVER. When I used the json auth before the multidevice version I had a robot running for months without stop. Now I lose sessions every week.

In example, there are others libraries (in js and python) that uses the multidevice and don't suffer from this bug. Session gets never lost.

[jtouris]

@luiscuriel Ok lets get things clear, I think you are a bit confused with your speech talking about a different problem than the one being addressed in this particular issue.

You are talking about WhatsApp sessions in a general matter, official WhatsApp, other WhatsApp libraries or even older versions of wwebjs... I am talking about wwebjs sessions specifically for multidevice localAuth RemoteAuth mechanisms as they currently are right now.

The current situation is as is, sessions DO EXPIRE and I am not saying they should, neither arguing about it, of course they should persist longer but they don't and I personally don't know why.

I did my part by creating RemoteAuth and contributing so that sessions could be extracted into a database and persisted longer than within a file system and they actually do last longer, at least for me.

Talk is easy :) so if you say you have lots of experience of using javascript and nodejs WhatsApp libraries for several years and have a better global perspective of the problem than the rest of us, please go ahead and contribute, create a Pull Request and fix the problem for the entire community.

[osas-dev]

Same issue, but it requires the qrcode scan every restart.

You are probably not using it correctly, make sure your session is being saved on your database. Please read carefully through the documentation:

Subscribing to Remote Session Saved Event: After the initial QR scan to link the device, RemoteAuth takes about 1 minute to successfully save the WhatsApp session into the remote database, therefore the ready event does not mean the session has been saved yet.

In order to listen to this event, you can now use the following:

client.on('remote_session_saved', () => {
    //Do Stuff...
}

I did this and saw the session on my mongodb database but it still bring the qr code on restart

[siddiquiaffan]

Still facing the issue. Anyone found the solution?

[postix]

same here ... i have the same problem ..

[mahmouds12]

same problem here

[wpadilla]

Same problem here!

[postix]

finally i used LocalAuth .... :P

[siddiquiaffan]

finally i used LocalAuth .... :P

@postix what about session backup?

[postix]

i just define other location of the created directory in my server ... that way i can recover every time i want ....

[LucaTrip]

Hi, I think I have the same problem. Below my steps in brief trying to use RemoteAuth Strategy

1. Initialise mongodb

   ...
   import { MongoStore } from "wwebjs-mongo";
   import mongoose from "mongoose";
   
   mongoose.connect(process.env.MONGODB_URI).then(() => {
       const store = new MongoStore({ mongoose });
       ...
   });

2. initialise whatsapp-web

   const waClient = new Client({
       authStrategy: new RemoteAuth({
         store,
         clientId: sessionName,
         backupSyncIntervalMs: 300000,
       }),
   });
   
   waClient.on("remote_session_saved", () => {
       ...
   });
   
   waClient.on("qr", (qr) => {
      ...
   });
   
   waClient.on("ready", () => {
      ...
   });
   
   waClient.initialize();

   Everything seems to work correctly, once logged in, all the info about my session is saved to db and the RemoteAuth-clientId.zip file is also extracted correctly and put in the root of the project, but it only ever issues me the qrcode event. Shouldn't it issue the remote_session_saved event? I attach the image of the files extracted from reading from db of the RemoteAuth-clientId.zip file.

Can someone help me? Thanks in advance

[ChetanMotghare]

@luiscuriel Ok lets get things clear, I think you are a bit confused with your speech talking about a different problem than the one being addressed in this particular issue.

You are talking about WhatsApp sessions in a general matter, official WhatsApp, other WhatsApp libraries or even older versions of wwebjs... I am talking about wwebjs sessions specifically for multidevice localAuth RemoteAuth mechanisms as they currently are right now.

The current situation is as is, sessions DO EXPIRE and I am not saying they should, neither arguing about it, of course they should persist longer but they don't and I personally don't know why.

I did my part by creating RemoteAuth and contributing so that sessions could be extracted into a database and persisted longer than within a file system and they actually do last longer, at least for me.

Talk is easy :) so if you say you have lots of experience of using javascript and nodejs WhatsApp libraries for several years and have a better global perspective of the problem than the rest of us, please go ahead and contribute, create a Pull Request and fix the problem for the entire community.

can you add some documentation how we can use session using remote auth

[ric-h]

try not use

puppeteer: { args: [ '--no-sandbox' ] }

[steven-tib]

Did anyone manage to fix this with heroku and remoteauth strategy?

@LucaTrip did you actually find a solution?

@postix, you mentioned having switched back to LocalAuth, but how did you set a different folder location? Does it point to an S3 storage?

[agitnaeta]

The same issue, let me clarify

1. we do save the session, thanks to remote_session_saved
2. when we restart the server, then try to load database, then the session is not loaded its still showing QR, thats mean we failed to load, and need to scan it again for new session

[s4suryapal]

For me, it's working in Local, But when uploading on Heroku it's not working. in Heroku every time need to scan the QR code. Please help @jtourisNS @postix

[jtouris]

I just tested RemoteAuth along with wwebjs-mongo and it worked just fine, saved the session, and restored it successfully after a server restart. If anybody can elaborate a decent use case maybe that would help understand what is actually not working. If the session expires, well... that is a completely different topic than not even being able to restore it once.

Please consider I do not use this library (whatsapp-web.js nor wwebjs-mongo) personally so i am only aware of these problems when i test them, and everything worked fine for me today.

[p-ugulino]

The same issue, let me clarify

1. we do save the session, thanks to remote_session_saved

2. when we restart the server, then try to load database, then the session is not loaded its still showing QR, thats mean we failed to load, and need to scan it again for new session

Just bumping because I'm facing the same issue

[AdrianGzzEsc]

For me, it's working in Local, But when uploading on Heroku it's not working. in Heroku every time need to scan the QR code. Please help @jtourisNS @postix

Make sure to have a path for the folders .wwebjs_auth and .wwebjs_cache. If you dont have the folders in your git then it will create them in every restart and thats where the information its saved. Using local auth in heroku its not good cause it will later max out your apps memory. I was doing that but since its maxing out my memory Im trying to implement remote auth which leads me to this issue :(

[AdrianGzzEsc]

I just tested RemoteAuth along with wwebjs-mongo and it worked just fine, saved the session, and restored it successfully after a server restart. If anybody can elaborate a decent use case maybe that would help understand what is actually not working. If the session expires, well... that is a completely different topic than not even being able to restore it once.

Please consider I do not use this library (whatsapp-web.js nor wwebjs-mongo) personally so i am only aware of these problems when i test them, and everything worked fine for me today.

Im not sure what to tell you, I save the session, the 'remote_session_saved' event its triggered but after a restart instead of connecting its asking again to scan a qr. It was working before and now it doesnt

[steven-tib]

I just tested RemoteAuth along with wwebjs-mongo and it worked just fine, saved the session, and restored it successfully after a server restart. If anybody can elaborate a decent use case maybe that would help understand what is actually not working. If the session expires, well... that is a completely different topic than not even being able to restore it once.

Please consider I do not use this library (whatsapp-web.js nor wwebjs-mongo) personally so i am only aware of these problems when i test them, and everything worked fine for me today.

@jtourisNS did it work for you when you simply force restart the dyno? Otherwise, which way did you use to restart the server?

Could you possibly share your working code as an example for us? We can then try the exact same code on our side. Thank you!

[aziz1117]

@jtourisNS could you please share your code that save and restore session using RemoteAuth. Thank you

[jtouris]

[aziz1117]

@jtourisNS appreciate your response, but when I stopped my app after ‘remote_session_saved’ message appear, and I after restart my app, still shows me qrcode next time. I wrote same code. Is there any missing code should I write to extract session from database?

[LucaTrip]

@steven-tib sorry for the delay but I tried to change something but the problem still remains.

@jtourisNS can you share with us more details? because I tried a lot but if I close and restart immediately the server (in local) but the "remote_session_saved" event is never emitted.

These are the folders that are created when I connect via qrcode. Everything seems to be there both in the project filesystem and in Mongo . Mongo side

I don't think that could be my Mongo connection URI but I share it with you: MONGODB_URI="mongodb+srv://admin:password@mycluster.umdxv.mongodb.net/MyDB?retryWrites=true&w=majority"

I follow the doc and it seems that I set up everything correctly. I don't have any more ideas.

[s4suryapal]

Please try to tun same code on server, it will not work. As i said it's working in local but not working on server/heroku.

[AdrianGzzEsc]

    [

        ![auth](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)
      ](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)

      [

      ](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)

Please try to tun same code on server, it will not work. As i said it's working in local but not working on server/heroku.

Do you have puppeteer added as a buildpack in heroku?

[s4suryapal]

@steven-tib sorry for the delay but I tried to change something but the problem still remains.

@jtourisNS can you share with us more details? because I tried a lot but if I close and restart immediately the server (in local) but the "remote_session_saved" event is never emitted.

These are the folders that are created when I connect via qrcode. Everything seems to be there both in the project filesystem and in Mongo . Mongo side

I don't think that could be my Mongo connection URI but I share it with you: MONGODB_URI="mongodb+srv://admin:password@mycluster.umdxv.mongodb.net/MyDB?retryWrites=true&w=majority"

I follow the doc and it seems that I set up everything correctly. I don't have any more ideas.

Delete .auth 2 folders and

Then run it, check database if there collections ending with 'files' & 'chunks' also Delete them and run it

Remote Session Event will emitted

[s4suryapal]

    [

        ![auth](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)
      ](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)

      [

      ](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)

    [

        ![auth](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)
      ](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)

      [

      ](https://user-images.githubusercontent.com/39593002/253996791-10d3291d-a04a-4451-8625-cb16f4140d64.gif)

Please try to tun same code on server, it will not work. As i said it's working in local but not working on server/heroku.

Do you have puppeteer added as a buildpack in heroku?

Yes, puppeteer working by giving 'executable path' argument

If very first we authentic with QrCode everything works fine, only issue is if we restart server we have to scan qr code again.

In my case Remote Session Event is also emitted but still if i restart server i have to scan qrcode again.

This issue is on server only, in local working perfectly.

[emraherkol]

I am using the code given as an example. Records are added to the database, the event is also emitted, but it still shows QR on my next try...

[learntheropes]

It was working for me, but since a few days I'm asked for the qr code every time.

In my Dockerfile for production, I have:

# Create the folders for whatsapp bot
RUN mkdir -p /app/.wwebjs_auth
RUN mkdir -p /app/.wwebjs_cache
RUN mkdir -p /app/RemoteAuth

I see that remote_session_saved is triggered, and the entries saved in the database and the .zip file created locally.

For now, I have to switch back to LocalAuth because during development I'm asked for a new qr code at every code change, making it unusable.

My code is:

import whatsappWeb from 'whatsapp-web.js';
const { Client,  RemoteAuth } = whatsappWeb
import { MongoStore } from 'wwebjs-mongo';
import mongoose from 'mongoose';
import QRCode from 'qrcode';
import { Telegraf } from 'telegraf';

const { 
  mongodbUri,
  telegramToken,
  telegramChatId,
  public: {
    isDeployed
  }
} = useRuntimeConfig();

const tg = new Telegraf(telegramToken);

const sendTelegram = async (string) => {

  const img = await QRCode.toDataURL(string);
  const buffer = Buffer.from(img.split("base64,")[1], "base64");

  await tg.telegram.sendPhoto(telegramChatId, {
    source: Buffer.from(buffer, 'base64'),
  }, {
    caption: (isDeployed) ? 'digital-ocean' : 'local' 
  });
};

export let client;

export default defineNitroPlugin( async (nitroApp) => {

  await mongoose.connect(mongodbUri);

  const store = new MongoStore({ mongoose });

  console.log('mongoose status', mongoose.connection.readyState);

  client = new Client({
    puppeteer: {
      headless: true,
      args: [
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-gpu',
      ],
      defaultViewport: {
        width: 800,
        height: 600
      }
    },
    authStrategy: new RemoteAuth({
      store, 
      backupSyncIntervalMs: 1000 * 60,
      clientId: (isDeployed) ? 'digital-ocean' : 'local'
    })
  });

  client.initialize();

  client.on('qr', async (qr) => {
    const qrcode = await QRCode.toString(qr,{
      type: 'terminal',
      small: true
    });
    console.log(qrcode);
    await sendTelegram(qr);
  });

  client.on('authenticated', () => {
    console.log('wa autheticated');
  });

  client.on('auth_failure', msg => {
    console.error('wa authentication failure', msg);
    throw createError({
      statusMessage: `Authentication failure: ${msg}`,
      statusCode: 500,
    });
  });

  client.on('change_state', (state) => {
    console.log('wa change state', state);
  });

  client.on('disconnected', (reason) => {
    console.log('wa disconnected', reason);
    client.initialize();
  });

  client.on('ready', () => {
    console.log('wa connected');
  });

  client.on('remote_session_saved', () => {
    console.log('wa remote session saved');
  });

  console.log('wa initialized');
});

The remote database is a MongoDB Atlas instance.

[Ndohjapan]

I am currently experiencing the same issue.

However, it seems like this issue is specific to RemoteAuth because I did a revert on my codebase from RemoteAuth to LocalAuth and it all seems to be working perfectly after a restart.

I am looking towards implementing a RemoteAuth using LocalAuth, whereby the sessions in the .wwebjs_auth folder are zipped and are uploaded to a mongodb collection.

And when there is a restart, it simply tries to get all the session from the mongodb collection and after that we can loads it into the .wwebjs_auth folder.

[nkbhasker]

Seems to be an issue with the unzipper package. I am able to restore sessions after replacing the unzipper with adm-zip, have tested this with Mongo store and custom s3 store.

[Ndohjapan]

Can you share the code for the changed unzipped library.

On Thu, 17 Aug 2023, 17:58 Nitish Bhasker, @.***> wrote:

Seems to be an issue with the unzipper package. I am able to restore sessions after replacing the unzipper with adm-zip, have tested this with Mongo store and custom s3 store.

— Reply to this email directly, view it on GitHub https://github.com/pedroslopez/whatsapp-web.js/issues/1681#issuecomment-1682645630, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJXLKVKIXNUTXQYRSJCLTULXVZEU5ANCNFSM6AAAAAAQB4KODI . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[nkbhasker]

I have created a pull request #2412. Here is the nest example project https://github.com/nkbhasker/nest-whatsapp.

[steven-tib]

@nkbhasker I'm testing your fix since yesterday on my heroku server and restarted the server a couple of time, it always reloaded correctly the session. You might be the hero we were looking for.

I'll stil let it run a bit longer to see how stable it is but it really seem stable now.

[Lcampos85]

Friends I have the following doubt.

I did the test to connect the session through wwebjs-mongo and it does it correctly.

Can someone guide me to try to do the following:

I want to.

1) Verify if the session with name "session1" is active. 2) If it is not, activate the QR scan option. 3) If the session is still active, continue with the reception of messages.

This is possible? perform this verification.

Thank you

[Ndohjapan]

Friends I have the following doubt.

I did the test to connect the session through wwebjs-mongo and it does it correctly.

Can someone guide me to try to do the following:

I want to.

1. Verify if the session with name "session1" is active.
2. If it is not, activate the QR scan option.
3. If the session is still active, continue with the reception of messages.

This is possible? perform this verification.

Thank you

By default that is what the RemoteAuth is meant to do but it does not do that correctly.

However @steven-tib has raised a PR which should do the potential solution to it.

[steven-tib]

@Ndohjapan I am merely a tester of this PR, the honor goes to @nkbhasker :)

My bot is still stable and has been rebooted few times again without any issue to recover the session, so it seems to work as expected now.

@nkbhasker I’m wondering if, for more flexibility and backward compatibility, you could modify your PR to allow user selecting which de-zipping package they want to use. I believe only few people are impacted by unzipper like us. In my case I’m using Heroku so some other hosting might work fine with unzipper.

@Lcampos85 if I put aside the QR issue we have with remoteAuth, I think what you’re trying to achieve is possible with clientId. See the documentation here:

https://wwebjs.dev/guide/authentication.html#multiple-sessions

const { Client, LocalAuth } = require('whatsapp-web.js');

const client1 = new Client({
    authStrategy: new LocalAuth({ clientId: "client-one" })
});

const client2 = new Client({
    authStrategy: new LocalAuth({ clientId: "client-two" })
});

This shows an example with localAuth but I tried it with remoteAuth and it works as well (using the fix from @nkbhasker PR)

[Lcampos85]

suppose that:

1) For the first time, I scan the QR code and save the session with LocalAuth (session1).

2) How do I do that when I restart the server to verify that session1 is active or not.

Please guide me.

I use

const { Client, LocalAuth } = require('whatsapp-web.js');

const client1 = new Client({ authStrategy: new LocalAuth({ clientId: "client-one" }) });

to save the session.

and I use

const { Client, LegacySessionAuth } = require('whatsapp-web.js');

const client = new Client({ authStrategy: new LegacySessionAuth({ session: {} // saved session object }) });

to check if the session is active or not ?

Is it like this...

Additionally the Client function, does it work as a promise?

Thanks for the guidance

[imIgnacio]

I am also experiencing this issue. What I found out is that before I was using node 16.20.2 and everything seems to be working fine. Today I updated to node 18. And I started to have this issue. I have the remote auth saved on mongoDB. However, when I try to run it locally, It shows the QR code (It doesn't get the auth from the DB)

[siddiquiaffan]

@nkbhasker I'm testing your fix since yesterday on my heroku server and restarted the server a couple of time, it always reloaded correctly the session. You might be the hero we were looking for.

I'll stil let it run a bit longer to see how stable it is but it really seem stable now.

What's the status now?

[eramosr16]

Tried RemoteAuth with Mongo and I have the same issue, I scan the QR code wait for the session saved and then restart the service, session is not restored, keep asking for the QR code every time.

version: ^1.22.2-alpha.1

here is my code:

[RwandaGloria]

Has this issue been resolved?