[TT-16259] [Security] Unable to delete Session that uses a quota and is under heavy load [Plan A]

[shults]

Description

Related Issue

Motivation and Context

Test Coverage For This Change

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)
• Documentation updates or improvements.

Checklist

• I have reviewed the guidelines for contributing to this repository.
• Make sure you are requesting to pull a topic/feature/bugfix branch (right side). If PRing from your fork, don't come from your master!
• Make sure you are making a pull request against our master branch (left side). Also, it would be best if you started your change off our latest master.
• My change requires a change to the documentation.
  • I have manually updated the README(s)/documentation accordingly.
  • If you've changed APIs, describe what needs to be updated in the documentation.
• I have updated the documentation accordingly.
• Modules and vendor dependencies have been updated; run go mod tidy && go mod vendor
• When updating library version must provide reason/explanation for this update.
• I have added tests to cover my changes.
• All new and existing tests passed.
• Check your code additions will not fail linting checks:
  • gofmt -s -w .
  • go vet ./...

Ticket Details

TT-16259

Status	In Code Review
Summary	[Security] Unable to delete Session that uses a quota and is under heavy load

Generated at: 2026-06-03 12:15:35

[github-actions]

CLA Assistant Lite bot:
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request}

[probelabs]

This PR introduces a new atomic SetIfExist operation to the KeyValue interface. This change is a foundational step to address a race condition that prevents the reliable deletion of sessions under heavy load, as described in ticket TT-16259.

Files Changed Analysis

The changes are primarily focused on the temporal storage library:

• temporal/model/types.go: The KeyValue interface is extended with the new SetIfExist method.
• temporal/internal/driver/redisv9/keyvalue.go: The Redis driver implements SetIfExist using the atomic SETXX command, which ensures that a key is only updated if it already exists.
• temporal/keyvalue/keyvalue_test.go: A new test suite is added to validate the functionality of SetIfExist, ensuring it correctly handles existing and non-existent keys.
• temporal/Taskfile.yml: The mockery dependency is updated.
• temporal/tempmocks/: All mock files are regenerated to reflect the interface changes and the updated mockery version.

Architecture & Impact Assessment

• What this PR accomplishes: It introduces a new atomic storage operation, SetIfExist, to prevent a race condition where a session key could be recreated after deletion, making deletion unreliable under high concurrency.
• Key technical changes: A new method is added to the KeyValue interface and implemented for the Redis driver using the native SETXX command, which guarantees atomicity.
• Affected system components: The primary impact is on the temporal storage abstraction layer. Services that use this library for session and quota management are the intended consumers of this new functionality, although the implementation of its usage is outside the scope of this PR.

graph TD
    subgraph Application Logic
        A[Session/Quota Manager]
    end
    subgraph "Storage Abstraction (temporal)"
        B(KeyValue Interface)
    end
    subgraph Storage Driver
        C[RedisV9 Driver]
    end

    A -- Calls --> B
    C -- Implements --> B

    subgraph "Changes in this PR"
        direction LR
        B_New["KeyValue.SetIfExist() added"]
        C_New["Implements SetIfExist() <br> using Redis SETXX"]
    end

    B -- Contains --> B_New
    C -- Contains --> C_New

    style B_New fill:#cce5ff,stroke:#333
    style C_New fill:#cce5ff,stroke:#333

Loading

Scope Discovery & Context Expansion

This PR is foundational; it provides the tool (SetIfExist) but does not include its application. The PR title indicates this is "Plan A" for fixing a session deletion issue, implying that a subsequent change in a consuming service is required to call this new method.

To understand the full context of the fix, further exploration is needed:

• Code Search: Identify where SetIfExist will be called in the application's session and quota management logic. This would involve searching for consumers of the storage library.
• Risk Analysis: Search for other usages of KeyValue.Set across the codebase that might indicate similar race conditions and could be candidates for replacement with SetIfExist.

Metadata

• Review Effort: 2 / 5
• Primary Label: bug

---

Powered by Visor from Probelabs

Last updated: 2026-06-03T12:16:41.715Z | Triggered by: pr_updated | Commit: efe949b

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

✅ Security Check Passed

No security issues found – changes LGTM.

✅ Architecture Check Passed

No architecture issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2026-06-03T12:16:15.653Z | Triggered by: pr_updated | Commit: efe949b

💡 TIP: You can chat with Visor using /visor ask <your question>

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud