I'm using the Symfony rate-limiter feature in my project. I use the full-yaml config integration with global and local strategies and the sliding window limiter. I use Redis to store the limiter metadata.

I realized that when I'm accessing to the limited part of my website, the rate limiter creates my Redis keys with a TTL double that of my configuration.

My config said:

        secured_area:
            policy: sliding_window
            limit: 10
            interval: '60 minutes'
            cache_pool: 'app.cache.secured_rate_limiter'

The TTL when first http call in my secured area:

In Symfony\Component\RateLimiter\Policy\SlidingWindow Symfony class, we can see:

The constructor that put the $this->windowEndAt to my 60-minutes interval (see config)

public function __construct(string $id, int $intervalInSeconds)
    {
        if ($intervalInSeconds < 1) {
            throw new InvalidIntervalException(sprintf('The interval must be positive integer, "%d" given.', $intervalInSeconds));
        }
        $this->id = $id;
        $this->intervalInSeconds = $intervalInSeconds;
        $this->windowEndAt = microtime(true) + $intervalInSeconds;
    }

... and in the same file, there is the getExpirationTime then used to get the Redis TTL in the StorageInterface:

public function getExpirationTime(): int
    {
        return (int) ($this->windowEndAt + $this->intervalInSeconds - microtime(true));
    }

So, here we are adding $this->windowEndAt (so, 60 mns, see constructor) with $this->intervalInSeconds (so, 60 mns also, see constructor).

So, it will put the Redis entries for 120 mns (see bellow screen) instead of the 60 mns defined in my YAML configuration.

Do you know why Symfony do that?