Download the PHP
package php-opcua/opcua-session-manager without Composer
On this page you can find all versions of the php package
php-opcua/opcua-session-manager. It is possible to download/install
these versions without Composer. Possible dependencies are resolved
automatically.
Vendor php-opcua Package opcua-session-manager Short Description Session manager daemon for persistent OPC UA connections in PHP — Unix socket IPC, automatic session recovery, subscription transfer License
MIT Homepage https://github.com/php-opcua/opcua-session-manager
After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.
Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories.
In this case some credentials are needed to access such packages.
Please use the auth.json textarea to insert credentials, if a package is coming from a private repository.
You can look here for more information.
Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package opcua-session-manager
OPC UA PHP Client Session Manager
Keep OPC UA sessions alive across PHP requests. A daemon-based session manager for opcua-client that eliminates the 50–200ms connection handshake overhead on every HTTP request.
PHP's request/response model destroys all state — including network connections — at the end of every request. OPC UA requires a 5-step handshake (TCP → Hello/Ack → OpenSecureChannel → CreateSession → ActivateSession) that must be repeated every single time. This package solves the problem with a long-running ReactPHP daemon that holds sessions in memory, communicating with PHP applications via a lightweight local IPC protocol (Unix-domain socket on Linux/macOS, TCP loopback on Windows — auto-selected).
What you get:
Session persistence — OPC UA connections survive across HTTP requests. Pay the handshake cost once, reuse forever
Automatic session reuse — reconnecting to the same endpoint returns the existing session automatically, no manual session ID tracking needed
Drop-in replacement — ManagedClient implements the same OpcUaClientInterface as the direct Client. Swap one line, keep all your code
All OPC UA operations — browse, read, write, method calls, subscriptions, history, path resolution, type discovery
Auto-publish — daemon automatically publishes for sessions with active subscriptions and dispatches PSR-14 events (DataChangeReceived, AlarmActivated, etc.) — no manual publish loop needed
Auto-connect — daemon can auto-connect and register subscriptions at startup from pre-configured connection definitions
Automatic cleanup — expired sessions are disconnected after configurable inactivity timeout
Graceful shutdown — SIGTERM/SIGINT cleanly disconnect all active sessions
### Tested against the OPC UA reference implementation
The underlying [opcua-client](https://github.com/php-opcua/opcua-client) is integration-tested against **[UA-.NETStandard](https://github.com/OPCFoundation/UA-.NETStandard)** — the **reference implementation** maintained by the OPC Foundation, the organization that defines the OPC UA specification.
This session manager is additionally integration-tested via [uanetstandard-test-suite](https://github.com/php-opcua/uanetstandard-test-suite), verifying that all OPC UA operations work correctly when proxied through the daemon's IPC layer. Like [opcua-client](https://github.com/php-opcua/opcua-client), unit tests run cross-OS — **Linux, macOS, and Windows** across PHP 8.2–8.5 — on every push. Integration tests stay on Linux (Docker-hosted OPC UA servers).
### Runs on Linux, macOS, and Windows
The daemon and `ManagedClient` pick the right local IPC transport automatically — no platform-specific code in your application.
| Platform | Default transport | Endpoint URI |
|---|---|---|
| Linux / macOS | Unix-domain socket | `unix:///tmp/opcua-session-manager.sock` |
| Windows | TCP loopback | `tcp://127.0.0.1:9990` |
`PhpOpcua\SessionManager\Ipc\TransportFactory::defaultEndpoint()` reads `PHP_OS_FAMILY` at startup and returns the platform-appropriate URI; both sides agree without any config. You can override explicitly with `--socket tcp://127.0.0.1:8900` on the daemon or by passing the same URI to `new ManagedClient(...)`.
**Security posture is identical on every OS:**
- **Local origin only.** On Linux/macOS the Unix socket relies on filesystem permissions (`0600` by default). On Windows the TCP path is **loopback-only, enforced on both sides**: `TcpLoopbackTransport` (client) and `SessionManagerDaemon` (daemon) both refuse any bind/connect to a non-loopback host at construction time.
- **Authenticated every request.** The shared `authToken` is compared with `hash_equals()` on every IPC frame, regardless of transport.
- **Same wire format.** NDJSON-framed JSON, 16 MiB frame cap, 32-level JSON nesting cap, binary-mode streams (no `\n` ↔ `\r\n` translation on Windows).
Named pipes on Windows were evaluated and intentionally skipped — see the [ROADMAP](ROADMAP.md#windows-native-named-pipe-transport) for the full cost/benefit analysis.
Quick Start
1. Start the daemon
2. Use ManagedClient in your PHP code
That's it. Same API as the direct Client, but the session stays alive between requests.
See It in Action
Session persistence across requests
Browse and read
Read multiple values with fluent builder
Write to a PLC
Subscribe to data changes
Auto-publish (no manual publish loop)
When the daemon is started with an EventDispatcherInterface and autoPublish: true, it automatically calls publish() for sessions that have subscriptions. The client's PSR-14 events are dispatched to your listeners:
Secure connection with authentication
Tip: Skip setClientCertificate() and a self-signed cert gets auto-generated in memory (RSA for RSA policies, ECC for ECC policies) — perfect for quick tests or servers with auto-accept.
ECC disclaimer: ECC security policies (EccNistP256, EccNistP384, EccBrainpoolP256r1, EccBrainpoolP384r1) are fully implemented and tested against the OPC Foundation's UA-.NETStandard reference stack. However, no commercial OPC UA vendor supports ECC endpoints yet.
How It Works
Without the session manager:
With the session manager:
Features
Feature
What it does
Drop-in Replacement
ManagedClient implements the same OpcUaClientInterface as the direct Client
Session Persistence
OPC UA sessions survive across PHP requests via the daemon
Automatic Session Reuse
Reconnecting to the same endpoint returns the existing session instead of creating a new one
Any method registered by a custom ServiceModule on the daemon is callable via ManagedClient::$method(...) — typed args/results travel through a JSON wire codec with an explicit type allowlist
Cross-platform IPC
Auto-selects Unix-domain sockets on Linux/macOS and TCP loopback on Windows via TransportFactory. Endpoints accept unix://<path>, tcp://127.0.0.1:<port>, or a scheme-less Unix path (backwards-compatible). Loopback-only guard on both client and daemon sides
Auto-Retry
Automatic reconnect on connection failures
Auto-Batching
Transparent batching for readMulti()/writeMulti()
Auto-Publish
Daemon automatically calls publish() for sessions with subscriptions and dispatches PSR-14 events
Auto-Connect
Daemon connects and registers subscriptions at startup from pre-configured definitions
Automatic Cleanup
Expired sessions closed after inactivity timeout
Graceful Shutdown
SIGTERM/SIGINT disconnect all sessions cleanly
Daemon Options
Option
Default
Description
--socket <uri>
per-OS (unix:///tmp/opcua-session-manager.sock on Linux/macOS, tcp://127.0.0.1:9990 on Windows)
IPC endpoint URI. Accepts unix://<path>, tcp://127.0.0.1:<port>, or a scheme-less Unix path. TCP binds are loopback-only (construction-time guard refuses non-loopback hosts).
--timeout <sec>
600
Session inactivity timeout
--cleanup-interval <sec>
30
Expired session cleanup interval
--auth-token <token>
(none)
Shared secret for IPC authentication
--auth-token-file <path>
(none)
Read auth token from file (recommended)
--max-sessions <n>
100
Maximum concurrent sessions
--socket-mode <octal>
0600
Socket file permissions (applied only to Unix-socket endpoints)
--allowed-cert-dirs <dirs>
(none)
Comma-separated allowed certificate directories
Auth token priority: OPCUA_AUTH_TOKEN env var > --auth-token-file > --auth-token.
Security
The daemon implements multiple layers of security hardening:
IPC authentication — shared-secret token validated with timing-safe hash_equals()
Socket permissions — 0600 by default (owner-only)
Method whitelist — only 45 documented OPC UA operations allowed via query
Credential protection — passwords and private key paths stripped immediately after connection
Session limits — configurable maximum to prevent resource exhaustion
Full documentation is available in docs/. Highlights:
Section
Covers
Getting started — Why a session manager
Concepts, install, motivation
Daemon — As a service
CLI, config, transports, systemd/Supervisor
ManagedClient — Differences from direct client
API surface, lifecycle, session persistence
IPC — Direct interaction
Wire protocol, commands, JSON conversion
Extensibility — Third-party modules
Plugin points
Testing — Overview
Test infrastructure
Reference — Exceptions
Full API reference
Recipes — Debugging with netcat
Task-oriented walkthroughs
Testing
456+ tests (unit + integration). Integration tests run against uanetstandard-test-suite — a Docker-based OPC UA environment built on the OPC Foundation's UA-.NETStandard reference implementation — covering browse, read/write, subscriptions, method calls, path resolution, connection state, security, type serialization, session persistence, session recovery, and all module DTOs.
Note on coverage:SessionManagerDaemon is excluded from coverage reports because it runs as a separate long-lived process (ReactPHP event loop). PHP coverage tools (pcov, xdebug) only instrument the test runner process — they cannot track code executing inside a subprocess started via proc_open(). The daemon is fully tested by the integration suite, which starts a real daemon, sends IPC commands, and verifies responses. This is a known limitation shared by other daemon-based PHP packages (Laravel Horizon, Symfony Messenger, RoadRunner workers).
Docker-based OPC UA test servers (UA-.NETStandard) for integration testing
AI-Ready
This package ships with machine-readable documentation designed for AI coding assistants (Claude, Cursor, Copilot, ChatGPT, and others). Feed these files to your AI so it knows how to use the library correctly:
File
Purpose
llms.txt
Compact project summary — architecture, key classes, API signatures, and configuration. Optimized for LLM context windows with minimal token usage.
llms-full.txt
Comprehensive technical reference — every class, method, DTO, serialization format, IPC protocol, and daemon internal. For deep dives and complex questions.
llms-skills.md
Task-oriented recipes — step-by-step instructions for common tasks (install, configure, deploy, persist sessions, subscriptions, security, monitoring). Written so an AI can generate correct, production-ready code from a user's intent.
How to use: copy the files you need into your project's AI configuration directory. The files are located in vendor/php-opcua/opcua-session-manager/ after composer install.
Claude Code: reference per-session with --add-file vendor/php-opcua/opcua-session-manager/llms-skills.md
Cursor: copy into your project's rules directory — cp vendor/php-opcua/opcua-session-manager/llms-skills.md .cursor/rules/opcua-session-manager.md
GitHub Copilot: copy or append the content into your project's .github/copilot-instructions.md file (create the file and directory if they don't exist). Copilot reads this file automatically for project-specific context
Other tools: paste the content into your system prompt, project knowledge base, or context configuration
Roadmap
See ROADMAP.md for what's coming next.
Contributing
Contributions welcome — see CONTRIBUTING.md.
Versioning
This package follows the same version numbering as php-opcua/opcua-client. Each release of opcua-session-manager is aligned with the corresponding release of the client library to ensure full compatibility.
Changelog
See CHANGELOG.md.
License
MIT
All versions of opcua-session-manager with dependencies
Composer command for our command line client (download client)This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free.Standard composer command
The package php-opcua/opcua-session-manager contains the following files
Loading the files please wait ...
Loading please wait ...
Before you can download the PHP files, the dependencies should be resolved. This can take some minutes. Please be patient.
