dalli 3.2.8 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c7d8b3dd9e76a224d876f901dc44c3cf8016326209df3efc7fe522053a4a3c22
-  data.tar.gz: 0ced058a6a170cadd4b74268de5417c4a1e700baf5767fc8f260db9477e2b735
+  metadata.gz: 86e39b2869b7c916472e88e6cbbfb6aa1f6533aa35c9e1f1c704cffcbc680f8a
+  data.tar.gz: bf2e56610c6bae187d561ccf09105e6f5b4a29eed1308d089745ef22cf5b673b
 SHA512:
-  metadata.gz: 3e316a4d60c3327cecec46a0a34c52536130199124035c375bf1933676d85fbf09e99a985ae44faf4e27b0fb1f8b8faef1656a812e6bdfc387406c5e18874461
-  data.tar.gz: bce3e0e41c280e99889bea6835c1b2f701cbcb5e4f398203ae2b4d6ebc05cdc505ee5955365715f8e00441d69701ceac84de37a98eac8581d003d1ab411a33e9
+  metadata.gz: e2faab814abb4b25a53d87048f7e4e81e49c609bd64725cb18607670110da3d5b8038544598c44575831b9038500f9d8220a56ec28c16b9517a21d442212d12b
+  data.tar.gz: 3e5a7c326c908d72d2d8ce2211b27f67acebbbf97c279c5faf3ba2914ec7409df7f259a9082d82903cc9ae6b6716a137994aba849321546b8d3d3a35f8f7f5af

data/CHANGELOG.md

@@ -1,8 +1,30 @@
 Dalli Changelog
 =====================
 
-Unreleased
-==========
+4.0.0
+==========
+
+BREAKING CHANGES:
+
+- Require Ruby 3.1+ (dropped support for Ruby 2.6, 2.7, and 3.0)
+- Removed `Dalli::Server` deprecated alias - use `Dalli::Protocol::Binary` instead
+- Removed `:compression` option - use `:compress` instead
+- Removed `close_on_fork` method - use `reconnect_on_fork` instead
+
+Other changes:
+
+- Add security warning when using default Marshal serializer (silence with `silence_marshal_warning: true`)
+- Add defense-in-depth input validation for stats command arguments
+- Add `string_fastpath` option to skip serialization for simple strings (byroot)
+- Meta protocol set performance improvement (danmayer)
+- Fix connection_pool 3.0 compatibility for Rack session store
+- Fix session recovery after deletion (stengineering0)
+- Fix cannot read response data included terminator `\r\n` when use meta protocol (matsubara0507)
+- Support SERVER_ERROR response from Memcached as per the [memcached spec](https://github.com/memcached/memcached/blob/e43364402195c8e822bb8f88755a60ab8bbed62a/doc/protocol.txt#L172) (grcooper)
+- Update Socket timeout handling to use Socket#timeout= when available (nickamorim)
+- Serializer: reraise all .load errors as UnmarshalError (olleolleolle)
+- Reconnect gracefully when a fork is detected instead of crashing (PatrickTulskie)
+- Update CI to test against memcached 1.6.40
 
 3.2.8
 ==========

data/Gemfile

@@ -5,7 +5,9 @@ source 'https://rubygems.org'
 gemspec
 
 group :development, :test do
+  gem 'cgi'
   gem 'connection_pool'
+  gem 'debug' unless RUBY_PLATFORM == 'java'
   gem 'minitest', '~> 5'
   gem 'rack', '~> 2.0', '>= 2.2.0'
   gem 'rake', '~> 13.0'

data/lib/dalli/client.rb

@@ -155,8 +155,8 @@ module Dalli
     # - nil if the key did not exist.
     # - false if the value was changed by someone else.
     # - true if the value was successfully updated.
-    def cas(key, ttl = nil, req_options = nil, &block)
-      cas_core(key, false, ttl, req_options, &block)
+    def cas(key, ttl = nil, req_options = nil, &)
+      cas_core(key, false, ttl, req_options, &)
     end
 
     ##
@@ -166,8 +166,8 @@ module Dalli
     # Returns:
     # - false if the value was changed by someone else.
     # - true if the value was successfully updated.
-    def cas!(key, ttl = nil, req_options = nil, &block)
-      cas_core(key, true, ttl, req_options, &block)
+    def cas!(key, ttl = nil, req_options = nil, &)
+      cas_core(key, true, ttl, req_options, &)
     end
 
     ##

data/lib/dalli/key_manager.rb

@@ -30,7 +30,7 @@ module Dalli
 
     def initialize(client_options)
       @key_options =
-        DEFAULTS.merge(client_options.select { |k, _| OPTIONS.include?(k) })
+        DEFAULTS.merge(client_options.slice(*OPTIONS))
       validate_digest_class_option(@key_options)
 
       @namespace = namespace_from_options
@@ -77,7 +77,7 @@ module Dalli
     def namespace_regexp
       return /\A#{Regexp.escape(evaluate_namespace)}:/ if namespace.is_a?(Proc)
 
-      @namespace_regexp ||= /\A#{Regexp.escape(namespace)}:/.freeze unless namespace.nil?
+      @namespace_regexp ||= /\A#{Regexp.escape(namespace)}:/ unless namespace.nil?
     end
 
     def validate_digest_class_option(opts)

data/lib/dalli/protocol/base.rb

@@ -154,6 +154,8 @@ module Dalli
       private
 
       ALLOWED_QUIET_OPS = %i[add replace set delete incr decr append prepend flush noop].freeze
+      private_constant :ALLOWED_QUIET_OPS
+
       def verify_allowed_quiet!(opkey)
         return if ALLOWED_QUIET_OPS.include?(opkey)
 

data/lib/dalli/protocol/binary.rb

@@ -119,6 +119,7 @@ module Dalli
       # if the key doesn't already exist, rather than
       # setting the initial value
       NOT_FOUND_EXPIRY = 0xFFFFFFFF
+      private_constant :NOT_FOUND_EXPIRY
 
       def decr_incr(opkey, key, count, ttl, initial)
         expiry = initial ? TtlSanitizer.sanitize(ttl) : NOT_FOUND_EXPIRY

data/lib/dalli/protocol/connection_manager.rb

@@ -100,13 +100,13 @@ module Dalli
 
       def confirm_ready!
         close if request_in_progress?
-        close_on_fork if fork_detected?
+        reconnect_on_fork if fork_detected?
       end
 
       def confirm_in_progress!
         raise '[Dalli] No request in progress. This may be a bug in Dalli.' unless request_in_progress?
 
-        close_on_fork if fork_detected?
+        reconnect_on_fork if fork_detected?
       end
 
       def close
@@ -212,20 +212,18 @@ module Dalli
       end
 
       def log_warn_message(err_or_string)
-        detail = err_or_string.is_a?(String) ? err_or_string : "#{err_or_string.class}: #{err_or_string.message}"
         Dalli.logger.warn do
           detail = err_or_string.is_a?(String) ? err_or_string : "#{err_or_string.class}: #{err_or_string.message}"
           "#{name} failed (count: #{@fail_count}) #{detail}"
         end
       end
 
-      def close_on_fork
+      def reconnect_on_fork
         message = 'Fork detected, re-connecting child process...'
         Dalli.logger.info { message }
-        # Close socket on a fork, setting us up for reconnect
-        # on next request.
+        # Close socket on a fork and reconnect immediately
         close
-        raise Dalli::NetworkError, message
+        establish_connection
       end
 
       def fork_detected?

data/lib/dalli/protocol/meta/key_regularizer.rb

@@ -10,7 +10,7 @@ module Dalli
       # memcached supports the use of base64 hashes for keys containing
       # whitespace or non-ASCII characters, provided the 'b' flag is included in the request.
       class KeyRegularizer
-        WHITESPACE = /\s/.freeze
+        WHITESPACE = /\s/
 
         def self.encode(key)
           return [key, false] if key.ascii_only? && !WHITESPACE.match(key)

data/lib/dalli/protocol/meta/request_formatter.rb

@@ -13,7 +13,6 @@ module Dalli
         # and introducing an intermediate object seems like overkill.
         #
         # rubocop:disable Metrics/CyclomaticComplexity
-        # rubocop:disable Metrics/MethodLength
         # rubocop:disable Metrics/ParameterLists
         # rubocop:disable Metrics/PerceivedComplexity
         def self.meta_get(key:, value: true, return_cas: false, ttl: nil, base64: false, quiet: false)
@@ -36,8 +35,6 @@ module Dalli
           cmd << " M#{mode_to_token(mode)}"
           cmd << ' q' if quiet
           cmd << TERMINATOR
-          cmd << value
-          cmd + TERMINATOR
         end
 
         def self.meta_delete(key:, cas: nil, ttl: nil, base64: false, quiet: false)
@@ -62,7 +59,6 @@ module Dalli
           cmd + TERMINATOR
         end
         # rubocop:enable Metrics/CyclomaticComplexity
-        # rubocop:enable Metrics/MethodLength
         # rubocop:enable Metrics/ParameterLists
         # rubocop:enable Metrics/PerceivedComplexity
 
@@ -81,13 +77,16 @@ module Dalli
           cmd + TERMINATOR
         end
 
+        ALLOWED_STATS_ARGS = [nil, '', 'items', 'slabs', 'settings', 'reset'].freeze
+
         def self.stats(arg = nil)
+          raise ArgumentError, "Invalid stats argument: #{arg.inspect}" unless ALLOWED_STATS_ARGS.include?(arg)
+
           cmd = +'stats'
-          cmd << " #{arg}" if arg
+          cmd << " #{arg}" if arg && !arg.empty?
           cmd + TERMINATOR
         end
 
-        # rubocop:disable Metrics/MethodLength
         def self.mode_to_token(mode)
           case mode
           when :add
@@ -102,7 +101,6 @@ module Dalli
             'S'
           end
         end
-        # rubocop:enable Metrics/MethodLength
 
         def self.cas_string(cas)
           cas = parse_to_64_bit_int(cas, nil)

data/lib/dalli/protocol/meta/response_processor.rb

@@ -21,6 +21,7 @@ module Dalli
         STAT = 'STAT'
         VA = 'VA'
         VERSION = 'VERSION'
+        SERVER_ERROR = 'SERVER_ERROR'
 
         def initialize(io_source, value_marshaller)
           @io_source = io_source
@@ -32,7 +33,7 @@ module Dalli
           return cache_nils ? ::Dalli::NOT_FOUND : nil if tokens.first == EN
           return true unless tokens.first == VA
 
-          @value_marshaller.retrieve(read_line, bitflags_from_tokens(tokens))
+          @value_marshaller.retrieve(read_data(tokens[1].to_i), bitflags_from_tokens(tokens))
         end
 
         def meta_get_with_value_and_cas
@@ -42,7 +43,7 @@ module Dalli
           cas = cas_from_tokens(tokens)
           return [nil, cas] unless tokens.first == VA
 
-          [@value_marshaller.retrieve(read_line, bitflags_from_tokens(tokens)), cas]
+          [@value_marshaller.retrieve(read_data(tokens[1].to_i), bitflags_from_tokens(tokens)), cas]
         end
 
         def meta_get_without_value
@@ -167,9 +168,12 @@ module Dalli
 
         def error_on_unexpected!(expected_codes)
           tokens = next_line_to_tokens
-          raise Dalli::DalliError, "Response error: #{tokens.first}" unless expected_codes.include?(tokens.first)
 
-          tokens
+          return tokens if expected_codes.include?(tokens.first)
+
+          raise Dalli::ServerError, tokens.join(' ').to_s if tokens.first == SERVER_ERROR
+
+          raise Dalli::DalliError, "Response error: #{tokens.first}"
         end
 
         def bitflags_from_tokens(tokens)
@@ -205,6 +209,10 @@ module Dalli
           line = read_line
           line&.split || []
         end
+
+        def read_data(data_size)
+          @io_source.read(data_size + TERMINATOR.bytesize)&.chomp!(TERMINATOR)
+        end
       end
     end
   end

data/lib/dalli/protocol/meta.rb

@@ -85,6 +85,8 @@ module Dalli
                                         bitflags: bitflags, cas: cas,
                                         ttl: ttl, mode: mode, quiet: quiet?, base64: base64)
         write(req)
+        write(value)
+        write(TERMINATOR)
       end
       # rubocop:enable Metrics/ParameterLists
 
@@ -105,6 +107,8 @@ module Dalli
         req = RequestFormatter.meta_set(key: encoded_key, value: value, base64: base64,
                                         cas: cas, ttl: ttl, mode: mode, quiet: quiet?)
         write(req)
+        write(value)
+        write(TERMINATOR)
       end
       # rubocop:enable Metrics/ParameterLists
 

data/lib/dalli/protocol/server_config_parser.rb

@@ -16,7 +16,7 @@ module Dalli
       # can limit character set to LDH + '.'.  Hex digit section
       # is there to support IPv6 addresses, which need to be specified with
       # a bounding []
-      SERVER_CONFIG_REGEXP = /\A(\[([\h:]+)\]|[^:]+)(?::(\d+))?(?::(\d+))?\z/.freeze
+      SERVER_CONFIG_REGEXP = /\A(\[([\h:]+)\]|[^:]+)(?::(\d+))?(?::(\d+))?\z/
 
       DEFAULT_PORT = 11_211
       DEFAULT_WEIGHT = 1

data/lib/dalli/protocol/ttl_sanitizer.rb

@@ -31,7 +31,7 @@ module Dalli
         return ttl_as_i if ttl_as_i > now # Already a timestamp
 
         Dalli.logger.debug "Expiration interval (#{ttl_as_i}) too long for Memcached " \
-                           'and too short to be a future timestamp,' \
+                           'and too short to be a future timestamp, ' \
                            'converting to an expiration timestamp'
         now + ttl_as_i
       end

data/lib/dalli/protocol/value_compressor.rb

@@ -25,17 +25,8 @@ module Dalli
       FLAG_COMPRESSED = 0x2
 
       def initialize(client_options)
-        # Support the deprecated compression option, but don't allow it to override
-        # an explicit compress
-        # Remove this with 4.0
-        if client_options.key?(:compression) && !client_options.key?(:compress)
-          Dalli.logger.warn "DEPRECATED: Dalli's :compression option is now just 'compress: true'.  " \
-                            'Please update your configuration.'
-          client_options[:compress] = client_options.delete(:compression)
-        end
-
         @compression_options =
-          DEFAULTS.merge(client_options.select { |k, _| OPTIONS.include?(k) })
+          DEFAULTS.merge(client_options.slice(*OPTIONS))
       end
 
       def store(value, req_options, bitflags)
@@ -47,7 +38,7 @@ module Dalli
       end
 
       def retrieve(value, bitflags)
-        compressed = (bitflags & FLAG_COMPRESSED) != 0
+        compressed = bitflags.anybits?(FLAG_COMPRESSED)
         compressed ? compressor.decompress(value) : value
 
       # TODO: We likely want to move this rescue into the Dalli::Compressor / Dalli::GzipCompressor

data/lib/dalli/protocol/value_marshaller.rb

@@ -27,7 +27,7 @@ module Dalli
         @value_compressor = ValueCompressor.new(client_options)
 
         @marshal_options =
-          DEFAULTS.merge(client_options.select { |k, _| OPTIONS.include?(k) })
+          DEFAULTS.merge(client_options.slice(*OPTIONS))
       end
 
       def store(key, value, options = nil)

data/lib/dalli/protocol/value_serializer.rb

@@ -18,57 +18,53 @@ module Dalli
       # https://www.hjp.at/zettel/m/memcached_flags.rxml
       # Looks like most clients use bit 0 to indicate native language serialization
       FLAG_SERIALIZED = 0x1
+      FLAG_UTF8 = 0x2
+
+      # Class variable to track whether the Marshal warning has been logged
+      @@marshal_warning_logged = false # rubocop:disable Style/ClassVars
 
       attr_accessor :serialization_options
 
       def initialize(protocol_options)
         @serialization_options =
-          DEFAULTS.merge(protocol_options.select { |k, _| OPTIONS.include?(k) })
+          DEFAULTS.merge(protocol_options.slice(*OPTIONS))
+        warn_if_marshal_default(protocol_options) unless protocol_options[:silence_marshal_warning]
       end
 
       def store(value, req_options, bitflags)
-        do_serialize = !(req_options && req_options[:raw])
-        store_value = do_serialize ? serialize_value(value) : value.to_s
-        bitflags |= FLAG_SERIALIZED if do_serialize
-        [store_value, bitflags]
+        if req_options
+          return [value.to_s, bitflags] if req_options[:raw]
+
+          # If the value is a simple string, going through serialization is costly
+          # for no benefit other than preserving encoding.
+          # Assuming most strings are either UTF-8 or BINARY we can just store
+          # that information in the bitflags.
+          if req_options[:string_fastpath] && value.instance_of?(String)
+            case value.encoding
+            when Encoding::BINARY
+              return [value, bitflags]
+            when Encoding::UTF_8
+              return [value, bitflags | FLAG_UTF8]
+            end
+          end
+        end
+
+        [serialize_value(value), bitflags | FLAG_SERIALIZED]
       end
 
-      # TODO: Some of these error messages need to be validated.  It's not obvious
-      # that all of them are actually generated by the invoked code
-      # in current systems
-      # rubocop:disable Layout/LineLength
-      TYPE_ERR_REGEXP = %r{needs to have method `_load'|exception class/object expected|instance of IO needed|incompatible marshal file format}.freeze
-      ARGUMENT_ERR_REGEXP = /undefined class|marshal data too short/.freeze
-      NAME_ERR_STR = 'uninitialized constant'
-      # rubocop:enable Layout/LineLength
-
       def retrieve(value, bitflags)
-        serialized = (bitflags & FLAG_SERIALIZED) != 0
-        serialized ? serializer.load(value) : value
-      rescue TypeError => e
-        filter_type_error(e)
-      rescue ArgumentError => e
-        filter_argument_error(e)
-      rescue NameError => e
-        filter_name_error(e)
-      end
-
-      def filter_type_error(err)
-        raise err unless TYPE_ERR_REGEXP.match?(err.message)
-
-        raise UnmarshalError, "Unable to unmarshal value: #{err.message}"
-      end
-
-      def filter_argument_error(err)
-        raise err unless ARGUMENT_ERR_REGEXP.match?(err.message)
-
-        raise UnmarshalError, "Unable to unmarshal value: #{err.message}"
-      end
-
-      def filter_name_error(err)
-        raise err unless err.message.include?(NAME_ERR_STR)
-
-        raise UnmarshalError, "Unable to unmarshal value: #{err.message}"
+        serialized = bitflags.anybits?(FLAG_SERIALIZED)
+        if serialized
+          begin
+            serializer.load(value)
+          rescue StandardError
+            raise UnmarshalError, 'Unable to unmarshal value'
+          end
+        elsif bitflags.anybits?(FLAG_UTF8)
+          value.force_encoding(Encoding::UTF_8)
+        else
+          value
+        end
       end
 
       def serializer
@@ -86,6 +82,19 @@ module Dalli
         exc.set_backtrace e.backtrace
         raise exc
       end
+
+      private
+
+      def warn_if_marshal_default(protocol_options)
+        return if protocol_options.key?(:serializer)
+        return if @@marshal_warning_logged
+
+        Dalli.logger.warn 'SECURITY WARNING: Dalli is using Marshal for serialization. ' \
+                          'Marshal can execute arbitrary code during deserialization. ' \
+                          'If your memcached server could be compromised, consider using ' \
+                          'a safer serializer like JSON: Dalli::Client.new(servers, serializer: JSON)'
+        @@marshal_warning_logged = true # rubocop:disable Style/ClassVars
+      end
     end
   end
 end

data/lib/dalli/socket.rb

@@ -52,7 +52,7 @@ module Dalli
 
       FILTERED_OUT_OPTIONS = %i[username password].freeze
       def logged_options
-        options.reject { |k, _| FILTERED_OUT_OPTIONS.include? k }
+        options.except(*FILTERED_OUT_OPTIONS)
       end
     end
 
@@ -63,6 +63,7 @@ module Dalli
     ##
     class SSLSocket < ::OpenSSL::SSL::SSLSocket
       include Dalli::Socket::InstanceMethods
+
       def options
         io.options
       end
@@ -85,6 +86,7 @@ module Dalli
     ##
     class TCP < TCPSocket
       include Dalli::Socket::InstanceMethods
+
       # options - supports enhanced logging in the case of a timeout
       attr_accessor :options
 
@@ -117,19 +119,33 @@ module Dalli
       end
 
       def self.init_socket_options(sock, options)
+        configure_tcp_options(sock, options)
+        configure_socket_buffers(sock, options)
+        configure_timeout(sock, options)
+      end
+
+      def self.configure_tcp_options(sock, options)
         sock.setsockopt(::Socket::IPPROTO_TCP, ::Socket::TCP_NODELAY, true)
         sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_KEEPALIVE, true) if options[:keepalive]
+      end
+
+      def self.configure_socket_buffers(sock, options)
         sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_RCVBUF, options[:rcvbuf]) if options[:rcvbuf]
         sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_SNDBUF, options[:sndbuf]) if options[:sndbuf]
+      end
 
+      def self.configure_timeout(sock, options)
         return unless options[:socket_timeout]
 
-        seconds, fractional = options[:socket_timeout].divmod(1)
-        microseconds = fractional * 1_000_000
-        timeval = [seconds, microseconds].pack('l_2')
+        if sock.respond_to?(:timeout=)
+          sock.timeout = options[:socket_timeout]
+        else
+          seconds, fractional = options[:socket_timeout].divmod(1)
+          timeval = [seconds, fractional * 1_000_000].pack('l_2')
 
-        sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_RCVTIMEO, timeval)
-        sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_SNDTIMEO, timeval)
+          sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_RCVTIMEO, timeval)
+          sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_SNDTIMEO, timeval)
+        end
       end
 
       def self.wrapping_ssl_socket(tcp_socket, host, ssl_context)
@@ -168,9 +184,16 @@ module Dalli
           Timeout.timeout(options[:socket_timeout]) do
             sock = new(path)
             sock.options = { path: path }.merge(options)
+            init_socket_options(sock, options)
             sock
           end
         end
+
+        def self.init_socket_options(sock, options)
+          # https://man7.org/linux/man-pages/man7/unix.7.html
+          sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_SNDBUF, options[:sndbuf]) if options[:sndbuf]
+          sock.timeout = options[:socket_timeout] if options[:socket_timeout] && sock.respond_to?(:timeout=)
+        end
       end
     end
   end

data/lib/dalli/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Dalli
-  VERSION = '3.2.8'
+  VERSION = '4.0.0'
 
   MIN_SUPPORTED_MEMCACHED_VERSION = '1.4'
 end

data/lib/dalli.rb

@@ -4,8 +4,6 @@
 # Namespace for all Dalli code.
 ##
 module Dalli
-  autoload :Server, 'dalli/server'
-
   # generic error
   class DalliError < RuntimeError; end
 
@@ -27,6 +25,9 @@ module Dalli
   # operation is not permitted in a multi block
   class NotPermittedMultiOpError < DalliError; end
 
+  # raised when Memcached response with a SERVER_ERROR
+  class ServerError < DalliError; end
+
   # Implements the NullObject pattern to store an application-defined value for 'Key not found' responses.
   class NilObject; end # rubocop:disable Lint/EmptyClass
   NOT_FOUND = NilObject.new

data/lib/rack/session/dalli.rb

@@ -9,6 +9,10 @@ module Rack
   module Session
     # Rack::Session::Dalli provides memcached based session management.
     class Dalli < Abstract::PersistedSecure
+      class MissingSessionError < StandardError; end
+
+      RACK_SESSION_PERSISTED = 'rack.session.persisted'
+
       attr_reader :data
 
       # Don't freeze this until we fix the specs/implementation
@@ -70,23 +74,37 @@ module Rack
         @data = build_data_source(options)
       end
 
-      def find_session(_req, sid)
+      def call(*_args)
+        super
+      rescue MissingSessionError
+        [401, {}, ['Wrong session ID']]
+      end
+
+      def find_session(req, sid)
         with_dalli_client([nil, {}]) do |dc|
           existing_session = existing_session_for_sid(dc, sid)
-          return [sid, existing_session] unless existing_session.nil?
+          if existing_session.nil?
+            sid = create_sid_with_empty_session(dc)
+            existing_session = {}
+          end
 
-          [create_sid_with_empty_session(dc), {}]
+          update_session_persisted_data(req, { id: sid })
+          return [sid, existing_session]
         end
       end
 
-      def write_session(_req, sid, session, options)
+      def write_session(req, sid, session, options)
         return false unless sid
 
         key = memcached_key_from_sid(sid)
         return false unless key
 
         with_dalli_client(false) do |dc|
-          dc.set(memcached_key_from_sid(sid), session, ttl(options[:expire_after]))
+          write_session_safely!(
+            dc, sid, session_persisted_data(req),
+            write_args: [memcached_key_from_sid(sid), session, ttl(options[:expire_after])]
+          )
+
           sid
         end
       end
@@ -139,12 +157,21 @@ module Rack
           ::Dalli::Client.new(server_configurations, client_options)
         else
           ensure_connection_pool_added!
-          ConnectionPool.new(pool_options) do
+          ConnectionPool.new(**pool_options) do
             ::Dalli::Client.new(server_configurations, client_options.merge(threadsafe: false))
           end
         end
       end
 
+      def write_session_safely!(dalli_client, sid, persisted_data, write_args:)
+        if persisted_data && persisted_data[:id] == sid # That means that we update the existing session
+          # Override the session only if it still exists in the store!
+          raise MissingSessionError unless dalli_client.replace(*write_args)
+        else
+          dalli_client.set(*write_args)
+        end
+      end
+
       def extract_dalli_options(options)
         raise 'Rack::Session::Dalli no longer supports the :cache option.' if options[:cache]
 
@@ -175,8 +202,8 @@ module Rack
         raise e
       end
 
-      def with_dalli_client(result_on_error = nil, &block)
-        @data.with(&block)
+      def with_dalli_client(result_on_error = nil, &)
+        @data.with(&)
       rescue ::Dalli::DalliError, Errno::ECONNREFUSED
         raise if $ERROR_INFO.message.include?('undefined class')
 
@@ -190,6 +217,14 @@ module Rack
       def ttl(expire_after)
         expire_after.nil? ? 0 : expire_after + 1
       end
+
+      def session_persisted_data(req)
+        req.get_header RACK_SESSION_PERSISTED
+      end
+
+      def update_session_persisted_data(req, data)
+        req.set_header RACK_SESSION_PERSISTED, data
+      end
     end
   end
 end

metadata

@@ -1,16 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: dalli
 version: !ruby/object:Gem::Version
-  version: 3.2.8
+  version: 4.0.0
 platform: ruby
 authors:
 - Peter M. Goldstein
 - Mike Perham
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-12 00:00:00.000000000 Z
-dependencies: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: High performance memcached client for Ruby
 email:
 - peter.m.goldstein@gmail.com
@@ -50,7 +63,6 @@ files:
 - lib/dalli/protocol/value_marshaller.rb
 - lib/dalli/protocol/value_serializer.rb
 - lib/dalli/ring.rb
-- lib/dalli/server.rb
 - lib/dalli/servers_arg_normalizer.rb
 - lib/dalli/socket.rb
 - lib/dalli/version.rb
@@ -62,7 +74,6 @@ metadata:
   bug_tracker_uri: https://github.com/petergoldstein/dalli/issues
   changelog_uri: https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -70,15 +81,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.6
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: High performance memcached client for Ruby
 test_files: []

data/lib/dalli/server.rb

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-module Dalli # rubocop:disable Style/Documentation
-  warn 'Dalli::Server is deprecated, use Dalli::Protocol::Binary instead'
-  Server = Protocol::Binary
-end