Level 58
Laravel's rate limiter, as implemented in its core (specifically in the Illuminate\Cache\RateLimiter class), primarily uses the Fixed Window Counter algorithm.
How it works in Laravel
- When you attempt an action that is rate-limited, Laravel increments a counter in the cache (e.g., Redis, Memcached, or file cache) for a given key.
- This counter is associated with a fixed time window (e.g., 1 minute).
- If the counter exceeds the allowed number of attempts within that window, further attempts are blocked until the window resets.
Here’s a simplified version of what happens internally:
if (cache()->has($key)) {
cache()->increment($key);
} else {
cache()->put($key, 1, $decaySeconds);
}
$keyis unique per user/action.$decaySecondsis the length of the window (e.g., 60 seconds).
Reference
You can see this in the Illuminate\Cache\RateLimiter source code, especially in the hit() and tooManyAttempts() methods.
Summary
Yes, Laravel uses the Fixed Window Counter algorithm for its default rate limiting. However, you can customize or extend the behavior if you need more advanced algorithms (like sliding window or token bucket) by implementing your own logic.
1 like