Symfony version(s) affected

6.4.8

Description

We use the symfony/rate-limiter in a rest-api to make sure users can call an endpoint only every 300 Seconds (5minutes). We store the corresponding keys for the rate-limiter in REDIS.

This works perfectly fine until the time change from summer time to winter time.
Directly in the night after the time switch at 2 o'clock at night the Keys in REDIS seems not to work anymore. So the time change causes some weird behavior that results in the rate-limiter blocking more request as it should.

Please note: the switch from winter time to summer time did not cause this problem.

After deleting all REDIS keys manually everything directly worked fine again, without any code change.

How to reproduce

• Configure the rate-limiter for an endpoint of an REST API with a 300 seconds limit.
• Store the keys for that in REDIS.
• Simulate the time change from summer time to winter time.
• Try to call the REST endpoint in a time gap lower than 300 seconds and higher than 300 seconds
• Monitor the behavior
• Should result in http429 even if the gap is higher than 300 seconds
• Delete the REDIS keys or restart redis to remove the keys
• Everything will work fine again

Possible Solution

• As a workaround removing the rate-limiter keys in REDIS solves the problem.

Additional Context

No response