build(deps): bump anyhow from 1.0.97 to 1.0.98 (#526 )

Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.97 to 1.0.98. - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.97...1.0.98) --- updated-dependencies: - dependency-name: anyhow dependency-version: 1.0.98 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore: update deps
2025-04-21 17:46:49 +02:00 · 2025-04-16 15:19:05 +00:00 · 2025-04-09 21:52:16 +01:00 · 2025-04-05 21:20:00 +00:00 · 2025-04-03 16:34:01 +00:00 · 2025-03-31 16:44:02 +00:00
105 changed files with 52731 additions and 1214 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -3,35 +3,41 @@ name: bug report
 about: create a bug report
 ---

-Your issue may already be reported!
-Please search on the [actix-extras issue tracker](https://github.com/actix/actix-extras/issues) before creating one.
+Your issue may already be reported! Please search on the [actix-extras issue tracker](https://github.com/actix/actix-extras/issues) before creating one.

 ## Expected Behavior
+
 <!--- If you're describing a bug, tell us what should happen -->
 <!--- If you're suggesting a change/improvement, tell us how it should work -->

 ## Current Behavior
+
 <!--- If describing a bug, tell us what happens instead of the expected behavior -->
 <!--- If suggesting a change/improvement, explain the difference from current behavior -->

 ## Possible Solution
+
 <!--- Not obligatory, but suggest a fix/reason for the bug, -->
 <!--- or ideas how to implement the addition or change -->

 ## Steps to Reproduce (for bugs)
+
 <!--- Provide a link to a live example, or an unambiguous set of steps to -->
 <!--- reproduce this bug. Include code to reproduce, if relevant -->
+
 1.
 2.
 3.
 4.

 ## Context
+
 <!--- How has this issue affected you? What are you trying to accomplish? -->
 <!--- Providing context helps us come up with a solution that is most useful in the real world -->

 ## Your Environment
+
 <!--- Include as many relevant details about the environment you experienced the bug in -->

-* Rust Version (I.e, output of `rustc -V`):
-* Actix-* crate(s) Version:
+- Rust version (output of `rustc -V`):
+- `actix-*` crate versions:
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -2,12 +2,14 @@
 <!-- Please fill out the following to make our reviews easy. -->

 ## PR Type
+
 <!-- What kind of change does this PR make? -->
 <!-- Bug Fix / Feature / Refactor / Code Style / Other -->
+
 INSERT_PR_TYPE

-
 ## PR Checklist
+
 <!-- Check your PR fulfills the following items. -->
 <!-- For draft PRs check the boxes as you complete them. -->

@ -16,11 +18,10 @@ INSERT_PR_TYPE
 - [ ] A changelog entry has been made for the appropriate packages.
 - [ ] Format code with the nightly rustfmt (`cargo +nightly fmt`).

-
 ## Overview
+
 <!-- Describe the current and new behavior. -->
 <!-- Emphasize any breaking changes. -->

-
 <!-- If this PR fixes or closes an issue, reference it here. -->
 <!-- Closes #000 -->
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,10 +1,10 @@
 version: 2
 updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
  - package-ecosystem: cargo
    directory: /
    schedule:
      interval: weekly
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: weekly
--- a/.github/workflows/ci-post-merge.yml
+++ b/.github/workflows/ci-post-merge.yml
@ -31,13 +31,14 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: nightly

-      - uses: taiki-e/install-action@v2.21.3
+      - name: Install cargo-hack, cargo-ci-cache-clean
+        uses: taiki-e/install-action@v2.49.42
        with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean

      - name: check minimal
        run: cargo ci-min
@ -52,10 +53,8 @@ jobs:
        timeout-minutes: 40
        run: cargo ci-test

-      - name: Clear the cargo caches
-        run: |
-          cargo install cargo-cache --version 0.6.2 --no-default-features --features ci-autoclean
-          cargo-cache
+      - name: CI cache clean
+        run: cargo-ci-cache-clean

  build_and_test_other_nightly:
    strategy:
@ -72,14 +71,24 @@ jobs:
    steps:
      - uses: actions/checkout@v4

+      - name: Install OpenSSL
+        if: matrix.target.os == 'windows-latest'
+        shell: bash
+        run: |
+          set -e
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
+
      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: nightly

-      - uses: taiki-e/install-action@v2.21.3
+      - name: Install cargo-hack and cargo-ci-cache-clean
+        uses: taiki-e/install-action@v2.49.42
        with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean

      - name: check minimal
        run: cargo ci-min
@ -92,9 +101,7 @@ jobs:

      - name: tests
        timeout-minutes: 40
-        run: cargo ci-test --exclude=actix-redis --exclude=actix-session --exclude=actix-limitation -- --nocapture
+        run: cargo ci-test --exclude=actix-session --exclude=actix-limitation -- --nocapture

-      - name: Clear the cargo caches
-        run: |
-          cargo install cargo-cache --version 0.6.2 --no-default-features --features ci-autoclean
-          cargo-cache
+      - name: CI cache clean
+        run: cargo-ci-cache-clean
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -22,7 +22,7 @@ jobs:
        target:
          - { name: Linux, os: ubuntu-latest, triple: x86_64-unknown-linux-gnu }
        version:
-          - { name: msrv, version: 1.68.0 }
+          - { name: msrv, version: 1.75.0 }
          - { name: stable, version: stable }

    name: ${{ matrix.target.name }} / ${{ matrix.version.name }}
@ -44,19 +44,18 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: ${{ matrix.version.version }}

-      - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.21.3
+      - name: Install cargo-hack and cargo-ci-cache-clean, just
+        uses: taiki-e/install-action@v2.49.42
        with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean,just

-      # - name: workaround MSRV issues
-      #   if: matrix.version.name == 'msrv'
-      #   run: |
-      #     cargo update -p=time:0.3.20 --precise=0.3.16
+      - name: workaround MSRV issues
+        if: matrix.version.name == 'msrv'
+        run: just downgrade-for-msrv

      - name: check minimal
        run: cargo ci-min
@ -71,10 +70,8 @@ jobs:
        timeout-minutes: 40
        run: cargo ci-test

-      - name: Clear the cargo caches
-        run: |
-          cargo install cargo-cache --version 0.6.2 --no-default-features --features ci-autoclean
-          cargo-cache
+      - name: CI cache clean
+        run: cargo-ci-cache-clean

  build_and_test_other:
    strategy:
@ -85,7 +82,7 @@ jobs:
          - { name: macOS, os: macos-latest, triple: x86_64-apple-darwin }
          - { name: Windows, os: windows-latest, triple: x86_64-pc-windows-msvc }
        version:
-          - { name: msrv, version: 1.68.0 }
+          - { name: msrv, version: 1.75.0 }
          - { name: stable, version: stable }

    name: ${{ matrix.target.name }} / ${{ matrix.version.name }}
@ -94,20 +91,28 @@ jobs:
    steps:
      - uses: actions/checkout@v4

+      - name: Install OpenSSL
+        if: matrix.target.os == 'windows-latest'
+        shell: bash
+        run: |
+          set -e
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
+
      - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: ${{ matrix.version.version }}

-      - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.21.3
+      - name: Install cargo-hack, cargo-ci-cache-clean, just
+        uses: taiki-e/install-action@v2.49.42
        with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean,just

-      # - name: workaround MSRV issues
-      #   if: matrix.version.name == 'msrv'
-      #   run: |
-      #     cargo update -p=time:0.3.20 --precise=0.3.16
+      - name: workaround MSRV issues
+        if: matrix.version.name == 'msrv'
+        run: just downgrade-for-msrv

      - name: check minimal
        run: cargo ci-min
@ -120,24 +125,29 @@ jobs:

      - name: tests
        timeout-minutes: 40
-        run: cargo ci-test --exclude=actix-redis --exclude=actix-session --exclude=actix-limitation
+        run: cargo ci-test --exclude=actix-session --exclude=actix-limitation

-      - name: Clear the cargo caches
-        run: |
-          cargo install cargo-cache --version 0.6.2 --no-default-features --features ci-autoclean
-          cargo-cache
+      - name: CI cache clean
+        run: cargo-ci-cache-clean

  doc_tests:
-    name: doc tests
+    name: Documentation Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: nightly

-      - name: doc tests
-        timeout-minutes: 40
-        run: cargo ci-doctest -- --nocapture
+      - name: Install just
+        uses: taiki-e/install-action@v2.49.42
+        with:
+          tool: just
+
+      - name: Test docs
+        run: just test-docs
+
+      - name: Build docs
+        run: just doc
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -24,17 +24,24 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: nightly
+          components: llvm-tools-preview

-      - name: Generate coverage file
-        run: |
-          cargo install cargo-tarpaulin --vers "^0.13"
-          cargo tarpaulin --workspace --out Xml --verbose
+      - name: Install just, cargo-llvm-cov, cargo-nextest
+        uses: taiki-e/install-action@v2.49.42
+        with:
+          tool: just,cargo-llvm-cov,cargo-nextest
+
+      - name: Generate code coverage
+        run: just test-coverage-codecov

      - name: Upload to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5.4.0
        with:
-          file: cobertura.xml
+          files: codecov.json
+          fail_ci_if_error: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -2,7 +2,8 @@ name: Lint

 on: [pull_request]

-permissions: { contents: read }
+permissions:
+  contents: read

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@ -15,7 +16,7 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          toolchain: nightly
          components: rustfmt
@ -24,43 +25,24 @@ jobs:
        run: cargo fmt --all -- --check

  clippy:
+    permissions:
+      contents: read
+      checks: write # to add clippy checks to PR diffs
+
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
        with:
          components: clippy

      - name: Check with Clippy
-        run: cargo clippy --workspace --tests --all-features -- -A unknown_lints
-
-  public-api-diff:
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout ${{ github.base_ref }}
-        uses: actions/checkout@v4
+        uses: giraffate/clippy-action@v1.0.1
        with:
-          ref: ${{ github.base_ref }}
-
-      - name: checkout ${{ github.head_ref }}
-        uses: actions/checkout@v4
-
-      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
-        with:
-          toolchain: nightly
-
-      - name: Install cargo-public-api
-        uses: taiki-e/cache-cargo-install-action@v1.3.0
-        with:
-          tool: cargo-public-api
-
-      - name: generate API diff
-        run: |
-          for f in $(find -mindepth 2 -maxdepth 2 -name Cargo.toml); do
-
-            cargo public-api --manifest-path "$f" --all-features diff ${{ github.event.pull_request.base.sha }}..${{ github.sha }} >> /tmp/diff.txt
-          done
-          cat /tmp/diff.txt
+          reporter: github-pr-check
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          clippy_flags: >-
+            --workspace --all-features --tests --examples --bins --
+            -A unknown_lints -D clippy::todo -D clippy::dbg_macro
--- a/.github/workflows/upload-doc.yml
+++ b/.github/workflows/upload-doc.yml
@ -1,36 +0,0 @@
-name: Upload Documentation
-
-on:
-  push:
-    branches: [master]
-
-permissions:
-  contents: write
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
-        with:
-          toolchain: nightly
-
-      - name: Build Docs
-        run: cargo doc --no-deps --workspace --all-features
-
-      - name: Tweak HTML
-        run: echo '<meta http-equiv="refresh" content="0;url=actix_cors/index.html">' > target/doc/index.html
-
-      - name: Deploy to GitHub Pages
-        uses: JamesIves/github-pages-deploy-action@v4.4.3
-        with:
-          folder: target/doc
-          branch: gh-pages
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,5 @@
 /target
 **/*.rs.bk
-Cargo.lock

 guide/build/
 /gh-pages
--- a/.prettierrc.yml
+++ b/.prettierrc.yml
@ -0,0 +1,5 @@
+overrides:
+  - files: "*.md"
+    options:
+      proseWrap: never
+      printWidth: 9999
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -5,23 +5,29 @@ members = [
    "actix-identity",
    "actix-limitation",
    "actix-protobuf",
-    "actix-redis",
    "actix-session",
    "actix-settings",
    "actix-web-httpauth",
+    "actix-ws",
 ]

 [workspace.package]
+repository = "https://github.com/actix/actix-extras"
+homepage = "https://actix.rs"
 license = "MIT OR Apache-2.0"
 edition = "2021"
-rust-version = "1.68"
+rust-version = "1.75"
+
+[workspace.lints.rust]
+rust-2018-idioms = { level = "deny" }
+nonstandard-style = { level = "deny" }
+future-incompatible = { level = "deny" }

 [patch.crates-io]
 actix-cors = { path = "./actix-cors" }
 actix-identity = { path = "./actix-identity" }
 actix-limitation = { path = "./actix-limitation" }
 actix-protobuf = { path = "./actix-protobuf" }
-actix-redis = { path = "./actix-redis" }
 actix-session = { path = "./actix-session" }
 actix-settings = { path = "./actix-settings" }
 actix-web-httpauth = { path = "./actix-web-httpauth" }
--- a/3
+++ b/3
@ -186,8 +186,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

-   Copyright 2017-NOW Nikolay Kim
-   Copyright 2017-NOW svartalf and Actix team
+   Copyright 2017-NOW Actix team

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/3
+++ b/3
@ -1,5 +1,4 @@
-Copyright (c) 2017 Nikolay Kim
-Copyright (c) 2017 svartalf and Actix team
+Copyright (c) 2023 Actix team

 Permission is hereby granted, free of charge, to any
 person obtaining a copy of this software and associated
--- a/README.md
+++ b/README.md
@ -2,23 +2,27 @@

 > A collection of additional crates supporting [Actix Web].

+<!-- prettier-ignore-start -->
+
 [![CI](https://github.com/actix/actix-extras/actions/workflows/ci.yml/badge.svg)](https://github.com/actix/actix-extras/actions/workflows/ci.yml)
 [![codecov](https://codecov.io/gh/actix/actix-extras/branch/master/graph/badge.svg)](https://codecov.io/gh/actix/actix-extras)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/5Ux4QGChWc)
 [![Dependency Status](https://deps.rs/repo/github/actix/actix-extras/status.svg)](https://deps.rs/repo/github/actix/actix-extras)

+<!-- prettier-ignore-end -->
+
 ## Crates by @actix

-| Crate                |                                                                                                                                                                                                                                                                |                                                                                 |
-| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
-| [actix-cors]         | [![crates.io](https://img.shields.io/crates/v/actix-cors?label=latest)](https://crates.io/crates/actix-cors) [![dependency status](https://deps.rs/crate/actix-cors/0.6.4/status.svg)](https://deps.rs/crate/actix-cors/0.6.4)                                 | Cross-Origin Resource Sharing (CORS) controls.                                  |
-| [actix-identity]     | [![crates.io](https://img.shields.io/crates/v/actix-identity?label=latest)](https://crates.io/crates/actix-identity) [![dependency status](https://deps.rs/crate/actix-identity/0.6.0/status.svg)](https://deps.rs/crate/actix-identity/0.6.0)                 | Identity management.                                                            |
-| [actix-limitation]   | [![crates.io](https://img.shields.io/crates/v/actix-limitation?label=latest)](https://crates.io/crates/actix-limitation) [![dependency status](https://deps.rs/crate/actix-limitation/0.5.1/status.svg)](https://deps.rs/crate/actix-limitation/0.5.1)         | Rate-limiting using a fixed window counter for arbitrary keys, backed by Redis. |
-| [actix-protobuf]     | [![crates.io](https://img.shields.io/crates/v/actix-protobuf?label=latest)](https://crates.io/crates/actix-protobuf) [![dependency status](https://deps.rs/crate/actix-protobuf/0.10.0/status.svg)](https://deps.rs/crate/actix-protobuf/0.10.0)                 | Protobuf payload extractor.                                                     |
-| [actix-redis]        | [![crates.io](https://img.shields.io/crates/v/actix-redis?label=latest)](https://crates.io/crates/actix-redis) [![dependency status](https://deps.rs/crate/actix-redis/0.13.0/status.svg)](https://deps.rs/crate/actix-redis/0.13.0)                           | Actor-based Redis client.                                                       |
-| [actix-session]      | [![crates.io](https://img.shields.io/crates/v/actix-session?label=latest)](https://crates.io/crates/actix-session) [![dependency status](https://deps.rs/crate/actix-session/0.8.0/status.svg)](https://deps.rs/crate/actix-session/0.8.0)                     | Session management.                                                             |
-| [actix-settings]     | [![crates.io](https://img.shields.io/crates/v/actix-settings?label=latest)](https://crates.io/crates/actix-settings) [![dependency status](https://deps.rs/crate/actix-settings/0.6.0/status.svg)](https://deps.rs/crate/actix-settings/0.6.0)                 | Easily manage Actix Web's settings from a TOML file and environment variables.  |
-| [actix-web-httpauth] | [![crates.io](https://img.shields.io/crates/v/actix-web-httpauth?label=latest)](https://crates.io/crates/actix-web-httpauth) [![dependency status](https://deps.rs/crate/actix-web-httpauth/0.8.1/status.svg)](https://deps.rs/crate/actix-web-httpauth/0.8.1) | HTTP authentication schemes.                                                    |
+| Crate                |                                                                                                                                                                                                                                                           |                                                                                 |
+| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
+| [actix-cors]         | [![crates.io](https://img.shields.io/crates/v/actix-cors?label=latest)](https://crates.io/crates/actix-cors) [![dependency status](https://deps.rs/crate/actix-cors/latest/status.svg)](https://deps.rs/crate/actix-cors)                                 | Cross-Origin Resource Sharing (CORS) controls.                                  |
+| [actix-identity]     | [![crates.io](https://img.shields.io/crates/v/actix-identity?label=latest)](https://crates.io/crates/actix-identity) [![dependency status](https://deps.rs/crate/actix-identity/latest/status.svg)](https://deps.rs/crate/actix-identity)                 | Identity management.                                                            |
+| [actix-limitation]   | [![crates.io](https://img.shields.io/crates/v/actix-limitation?label=latest)](https://crates.io/crates/actix-limitation) [![dependency status](https://deps.rs/crate/actix-limitation/latest/status.svg)](https://deps.rs/crate/actix-limitation)         | Rate-limiting using a fixed window counter for arbitrary keys, backed by Redis. |
+| [actix-protobuf]     | [![crates.io](https://img.shields.io/crates/v/actix-protobuf?label=latest)](https://crates.io/crates/actix-protobuf) [![dependency status](https://deps.rs/crate/actix-protobuf/latest/status.svg)](https://deps.rs/crate/actix-protobuf)                 | Protobuf payload extractor.                                                     |
+| [actix-session]      | [![crates.io](https://img.shields.io/crates/v/actix-session?label=latest)](https://crates.io/crates/actix-session) [![dependency status](https://deps.rs/crate/actix-session/latest/status.svg)](https://deps.rs/crate/actix-session)                     | Session management.                                                             |
+| [actix-settings]     | [![crates.io](https://img.shields.io/crates/v/actix-settings?label=latest)](https://crates.io/crates/actix-settings) [![dependency status](https://deps.rs/crate/actix-settings/latest/status.svg)](https://deps.rs/crate/actix-settings)                 | Easily manage Actix Web's settings from a TOML file and environment variables.  |
+| [actix-web-httpauth] | [![crates.io](https://img.shields.io/crates/v/actix-web-httpauth?label=latest)](https://crates.io/crates/actix-web-httpauth) [![dependency status](https://deps.rs/crate/actix-web-httpauth/latest/status.svg)](https://deps.rs/crate/actix-web-httpauth) | HTTP authentication schemes.                                                    |
+| [actix-ws]           | [![crates.io](https://img.shields.io/crates/v/actix-ws?label=latest)][actix-ws] [![dependency status](https://deps.rs/crate/actix-ws/latest/status.svg)](https://deps.rs/crate/actix-ws)                                                                  | WebSockets for Actix Web, without actors.                                       |

 ---

@ -26,24 +30,27 @@

 These crates are provided by the community.

-| Crate                      |                                                                                                                                                                                                                                                               |                                                                                                   |
-| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
-| [actix-web-lab]            | [![crates.io](https://img.shields.io/crates/v/actix-web-lab?label=latest)][actix-web-lab] [![dependency status](https://deps.rs/crate/actix-web-lab/0.19.1/status.svg)](https://deps.rs/crate/actix-web-lab/0.19.1)                                           | Experimental extractors, middleware, and other extras for possible inclusion in Actix Web.        |
-| [actix-multipart-extract]  | [![crates.io](https://img.shields.io/crates/v/actix-multipart-extract?label=latest)][actix-multipart-extract] [![dependency status](https://deps.rs/crate/actix-multipart-extract/0.1.5/status.svg)](https://deps.rs/crate/actix-multipart-extract/0.1.5)     | Better multipart form support for Actix Web.                                                      |
-| [actix-form-data]          | [![crates.io](https://img.shields.io/crates/v/actix-form-data?label=latest)][actix-form-data] [![dependency status](https://deps.rs/crate/actix-form-data/0.7.0-beta.4/status.svg)](https://deps.rs/crate/actix-form-data/0.7.0-beta.4)                       | Multipart form data from actix multipart streams                                                  |
-| [actix-governor]           | [![crates.io](https://img.shields.io/crates/v/actix-governor?label=latest)][actix-governor] [![dependency status](https://deps.rs/crate/actix-governor/0.5.1/status.svg)](https://deps.rs/crate/actix-governor/0.5.1)                                         | Rate-limiting backed by governor.                                                                 |
-| [actix-casbin]             | [![crates.io](https://img.shields.io/crates/v/actix-casbin?label=latest)][actix-casbin] [![dependency status](https://deps.rs/crate/actix-casbin/0.4.2/status.svg)](https://deps.rs/crate/actix-casbin/0.4.2)                                                 | Authorization library that supports access control models like ACL, RBAC & ABAC.                  |
-| [actix-ip-filter]          | [![crates.io](https://img.shields.io/crates/v/actix-ip-filter?label=latest)][actix-ip-filter] [![dependency status](https://deps.rs/crate/actix-ip-filter/0.3.1/status.svg)](https://deps.rs/crate/actix-ip-filter/0.3.1)                                     | IP address filter. Supports glob patterns.                                                        |
-| [actix-web-static-files]   | [![crates.io](https://img.shields.io/crates/v/actix-web-static-files?label=latest)][actix-web-static-files] [![dependency status](https://deps.rs/crate/actix-web-static-files/4.0.1/status.svg)](https://deps.rs/crate/actix-web-static-files/4.0.1)         | Static files as embedded resources.                                                               |
-| [actix-web-grants]         | [![crates.io](https://img.shields.io/crates/v/actix-web-grants?label=latest)][actix-web-grants] [![dependency status](https://deps.rs/crate/actix-web-grants/3.0.2/status.svg)](https://deps.rs/crate/actix-web-grants/3.0.2)                                 | Extension for validating user authorities.                                                        |
-| [aliri_actix]              | [![crates.io](https://img.shields.io/crates/v/aliri_actix?label=latest)][aliri_actix] [![dependency status](https://deps.rs/crate/aliri_actix/0.9.0/status.svg)](https://deps.rs/crate/aliri_actix/0.9.0)                                                     | Endpoint authorization and authentication using scoped OAuth2 JWT tokens.                         |
-| [actix-web-flash-messages] | [![crates.io](https://img.shields.io/crates/v/actix-web-flash-messages?label=latest)][actix-web-flash-messages] [![dependency status](https://deps.rs/crate/actix-web-flash-messages/0.4.2/status.svg)](https://deps.rs/crate/actix-web-flash-messages/0.4.2) | Support for flash messages/one-time notifications in `actix-web`.                                 |
-| [awmp]                     | [![crates.io](https://img.shields.io/crates/v/awmp?label=latest)][awmp] [![dependency status](https://deps.rs/crate/awmp/0.8.1/status.svg)](https://deps.rs/crate/awmp/0.8.1)                                                                                 | An easy to use wrapper around multipart fields for Actix Web.                                     |
-| [tracing-actix-web]        | [![crates.io](https://img.shields.io/crates/v/tracing-actix-web?label=latest)][tracing-actix-web] [![dependency status](https://deps.rs/crate/tracing-actix-web/0.7.6/status.svg)](https://deps.rs/crate/tracing-actix-web/0.7.6)                             | A middleware to collect telemetry data from applications built on top of the Actix Web framework. |
-| [actix-ws]                 | [![crates.io](https://img.shields.io/crates/v/actix-ws?label=latest)][actix-ws] [![dependency status](https://deps.rs/crate/actix-ws/0.2.5/status.svg)](https://deps.rs/crate/actix-ws/0.2.5)                                                                 | Actor-less WebSockets for the Actix Runtime.                                                      |
-| [actix-hash]               | [![crates.io](https://img.shields.io/crates/v/actix-hash?label=latest)][actix-hash] [![dependency status](https://deps.rs/crate/actix-hash/0.5.0/status.svg)](https://deps.rs/crate/actix-hash/0.5.0)                                                         | Hashing utilities for Actix Web.                                                                  |
-| [actix-bincode]            | ![crates.io](https://img.shields.io/crates/v/actix-bincode?label=latest) [![dependency status](https://deps.rs/crate/actix-bincode/0.2.2/status.svg)](https://deps.rs/crate/actix-bincode/0.2.2)                                                              | Bincode payload extractor for Actix Web                                                           |
-| [sentinel-actix]           | ![crates.io](https://img.shields.io/crates/v/sentinel-actix?label=latest) [![dependency status](https://deps.rs/crate/sentinel-actix/0.1.0/status.svg)](https://deps.rs/crate/sentinel-actix/0.1.0)                                                           | General and flexible protection for Actix Web                                                     |
+| Crate                      |                                                                                                                                                                                                                                                          |                                                                                                   |
+| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
+| [actix-web-lab]            | [![crates.io](https://img.shields.io/crates/v/actix-web-lab?label=latest)][actix-web-lab] [![dependency status](https://deps.rs/crate/actix-web-lab/latest/status.svg)](https://deps.rs/crate/actix-web-lab)                                             | Experimental extractors, middleware, and other extras for possible inclusion in Actix Web.        |
+| [actix-form-data]          | [![crates.io](https://img.shields.io/crates/v/actix-form-data?label=latest)][actix-form-data] [![dependency status](https://deps.rs/crate/actix-form-data/latest/status.svg)](https://deps.rs/crate/actix-form-data)                                     | Multipart form data from actix multipart streams.                                                 |
+| [actix-governor]           | [![crates.io](https://img.shields.io/crates/v/actix-governor?label=latest)][actix-governor] [![dependency status](https://deps.rs/crate/actix-governor/latest/status.svg)](https://deps.rs/crate/actix-governor)                                         | Rate-limiting backed by governor.                                                                 |
+| [actix-casbin]             | [![crates.io](https://img.shields.io/crates/v/actix-casbin?label=latest)][actix-casbin] [![dependency status](https://deps.rs/crate/actix-casbin/latest/status.svg)](https://deps.rs/crate/actix-casbin)                                                 | Authorization library that supports access control models like ACL, RBAC & ABAC.                  |
+| [actix-ip-filter]          | [![crates.io](https://img.shields.io/crates/v/actix-ip-filter?label=latest)][actix-ip-filter] [![dependency status](https://deps.rs/crate/actix-ip-filter/latest/status.svg)](https://deps.rs/crate/actix-ip-filter)                                     | IP address filter. Supports glob patterns.                                                        |
+| [actix-web-static-files]   | [![crates.io](https://img.shields.io/crates/v/actix-web-static-files?label=latest)][actix-web-static-files] [![dependency status](https://deps.rs/crate/actix-web-static-files/latest/status.svg)](https://deps.rs/crate/actix-web-static-files)         | Static files as embedded resources.                                                               |
+| [actix-web-grants]         | [![crates.io](https://img.shields.io/crates/v/actix-web-grants?label=latest)][actix-web-grants] [![dependency status](https://deps.rs/crate/actix-web-grants/latest/status.svg)](https://deps.rs/crate/actix-web-grants)                                 | Extension for validating user authorities.                                                        |
+| [aliri_actix]              | [![crates.io](https://img.shields.io/crates/v/aliri_actix?label=latest)][aliri_actix] [![dependency status](https://deps.rs/crate/aliri_actix/latest/status.svg)](https://deps.rs/crate/aliri_actix)                                                     | Endpoint authorization and authentication using scoped OAuth2 JWT tokens.                         |
+| [actix-web-flash-messages] | [![crates.io](https://img.shields.io/crates/v/actix-web-flash-messages?label=latest)][actix-web-flash-messages] [![dependency status](https://deps.rs/crate/actix-web-flash-messages/latest/status.svg)](https://deps.rs/crate/actix-web-flash-messages) | Support for flash messages/one-time notifications in `actix-web`.                                 |
+| [awmp]                     | [![crates.io](https://img.shields.io/crates/v/awmp?label=latest)][awmp] [![dependency status](https://deps.rs/crate/awmp/latest/status.svg)](https://deps.rs/crate/awmp)                                                                                 | An easy to use wrapper around multipart fields for Actix Web.                                     |
+| [tracing-actix-web]        | [![crates.io](https://img.shields.io/crates/v/tracing-actix-web?label=latest)][tracing-actix-web] [![dependency status](https://deps.rs/crate/tracing-actix-web/latest/status.svg)](https://deps.rs/crate/tracing-actix-web)                             | A middleware to collect telemetry data from applications built on top of the Actix Web framework. |
+| [actix-hash]               | [![crates.io](https://img.shields.io/crates/v/actix-hash?label=latest)][actix-hash] [![dependency status](https://deps.rs/crate/actix-hash/latest/status.svg)](https://deps.rs/crate/actix-hash)                                                         | Hashing utilities for Actix Web.                                                                  |
+| [actix-bincode]            | ![crates.io](https://img.shields.io/crates/v/actix-bincode?label=latest) [![dependency status](https://deps.rs/crate/actix-bincode/latest/status.svg)](https://deps.rs/crate/actix-bincode)                                                              | Bincode payload extractor for Actix Web.                                                          |
+| [sentinel-actix]           | ![crates.io](https://img.shields.io/crates/v/sentinel-actix?label=latest) [![dependency status](https://deps.rs/crate/sentinel-actix/latest/status.svg)](https://deps.rs/crate/sentinel-actix)                                                           | General and flexible protection for Actix Web.                                                    |
+| [actix-telepathy]          | ![crates.io](https://img.shields.io/crates/v/actix-telepathy?label=latest) [![dependency status](https://deps.rs/crate/actix-telepathy/latest/status.svg)](https://deps.rs/crate/actix-telepathy)                                                        | Build distributed applications with `RemoteActors` and `RemoteMessages`.                          |
+| [apistos]                  | ![crates.io](https://img.shields.io/crates/v/apistos?label=latest) [![dependency status](https://deps.rs/crate/apistos/latest/status.svg)](https://deps.rs/crate/apistos)                                                                                | Automatic OpenAPI v3 documentation for Actix Web.                                                 |
+| [actix-web-validation]     | ![crates.io](https://img.shields.io/crates/v/actix-web-validation?label=latest) [![dependency status](https://deps.rs/crate/actix-web-validation/latest/status.svg)](https://deps.rs/crate/actix-web-validation)                                         | Request validation for Actix Web.                                                                 |
+| [actix-jwt-cookies]        | ![crates.io](https://img.shields.io/crates/v/actix-jwt-cookies?label=latest) [![dependency status](https://deps.rs/repo/github/Necoo33/actix-jwt-cookies/status.svg)](https://deps.rs/repo/github/Necoo33/actix-jwt-cookies?path=%2F)                    | Store your data in encrypted cookies and get it elegantly.                                        |
+| [actix-ws-broadcaster]     | ![crates.io](https://img.shields.io/crates/v/actix-ws-broadcaster?label=latest) [![dependency status](https://deps.rs/repo/github/Necoo33/actix-ws-broadcaster/status.svg?path=%2F)](https://deps.rs/repo/github/Necoo33/actix-ws-broadcaster?path=%2F)  | A broadcaster library for actix-ws that includes grouping and conditional broadcasting.           |

 To add a crate to this list, submit a pull request.

@ -56,7 +63,6 @@ To add a crate to this list, submit a pull request.
 [actix-identity]: ./actix-identity
 [actix-limitation]: ./actix-limitation
 [actix-protobuf]: ./actix-protobuf
-[actix-redis]: ./actix-redis
 [actix-session]: ./actix-session
 [actix-settings]: ./actix-settings
 [actix-web-httpauth]: ./actix-web-httpauth
@ -76,3 +82,9 @@ To add a crate to this list, submit a pull request.
 [actix-hash]: https://crates.io/crates/actix-hash
 [actix-bincode]: https://crates.io/crates/actix-bincode
 [sentinel-actix]: https://crates.io/crates/sentinel-actix
+[actix-telepathy]: https://crates.io/crates/actix-telepathy
+[actix-web-validation]: https://crates.io/crates/actix-web-validation
+[actix-telepathy]: https://crates.io/crates/actix-telepathy
+[apistos]: https://crates.io/crates/apistos
+[actix-jwt-cookies]: https://crates.io/crates/actix-jwt-cookies
+[actix-ws-broadcaster]: https://crates.io/crates/actix-ws-broadcaster
--- a/actix-cors/CHANGES.md
+++ b/actix-cors/CHANGES.md
@ -2,38 +2,46 @@

 ## Unreleased

+## 0.7.1
+
+- Implement `PartialEq` for `Cors` allowing for better testing.
+
+## 0.7.0
+
+- `Cors` is now marked `#[must_use]`.
+- Default for `Cors::block_on_origin_mismatch` is now false.
+- Minimum supported Rust version (MSRV) is now 1.75.
+
+## 0.6.5
+
+- Fix `Vary` header when Private Network Access is enabled.
 - Minimum supported Rust version (MSRV) is now 1.68.

 ## 0.6.4

- Add `Cors::allow_private_network_access()` behind an unstable flag (`draft-private-network-access`). [#297]
-
-[#297]: https://github.com/actix/actix-extras/pull/297
+- Add `Cors::allow_private_network_access()` behind an unstable flag (`draft-private-network-access`).

 ## 0.6.3

- Add `Cors::block_on_origin_mismatch()` option for controlling if requests are pre-emptively rejected. [#287]
+- Add `Cors::block_on_origin_mismatch()` option for controlling if requests are pre-emptively rejected.
 - Minimum supported Rust version (MSRV) is now 1.59 due to transitive `time` dependency.

-[#287]: https://github.com/actix/actix-extras/pull/287
-
 ## 0.6.2

- Fix `expose_any_header` to return list of response headers. [#273]
+- Fix `expose_any_header` to return list of response headers.
 - Minimum supported Rust version (MSRV) is now 1.57 due to transitive `time` dependency.

-[#273]: https://github.com/actix/actix-extras/pull/273
-
 ## 0.6.1

- Do not consider requests without a `Access-Control-Request-Method` as preflight. [#226]
-
-[#226]: https://github.com/actix/actix-extras/pull/226
+- Do not consider requests without a `Access-Control-Request-Method` as preflight.

 ## 0.6.0

 - Update `actix-web` dependency to 4.0.

+<details>
+<summary>0.6.0 pre-releases</summary>
+
 ## 0.6.0-beta.10

 - Ensure that preflight responses contain a `Vary` header. [#224]
@ -93,6 +101,8 @@
 - Update `actix-web` dependency to 4.0.0 beta.
 - Minimum supported Rust version (MSRV) is now 1.46.0.

+</details>
+
 ## 0.5.4

 - Fix `expose_any_header` method, now set the correct field. [#143]
@ -121,13 +131,11 @@
 - `CorsFactory` is removed. [#119]
 - The `impl Default` constructor is now overly-restrictive. [#119]
 - Added `Cors::permissive()` constructor that allows anything. [#119]
- Adds methods for each property to reset to a permissive state. (`allow_any_origin`,
-  `expose_any_header`, etc.) [#119]
+- Adds methods for each property to reset to a permissive state. (`allow_any_origin`, `expose_any_header`, etc.) [#119]
 - Errors are now propagated with `Transform::InitError` instead of panicking. [#119]
 - Fixes bug where allowed origin functions are not called if `allowed_origins` is All. [#119]
 - `AllOrSome` is no longer public. [#119]
- Functions used for `allowed_origin_fn` now receive the Origin HeaderValue as the
-  first parameter. [#120]
+- Functions used for `allowed_origin_fn` now receive the Origin HeaderValue as the first parameter. [#120]

 [#114]: https://github.com/actix/actix-extras/pull/114
 [#118]: https://github.com/actix/actix-extras/pull/118
--- a/actix-cors/Cargo.toml
+++ b/actix-cors/Cargo.toml
@ -1,14 +1,14 @@
 [package]
 name = "actix-cors"
-version = "0.6.4"
+version = "0.7.1"
 authors = [
    "Nikolay Kim <fafhrd91@gmail.com>",
    "Rob Ede <robjtede@icloud.com>",
 ]
 description = "Cross-Origin Resource Sharing (CORS) controls for Actix Web"
 keywords = ["actix", "cors", "web", "security", "crossorigin"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-extras.git"
+repository.workspace = true
+homepage.workspace = true
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
@ -24,7 +24,7 @@ draft-private-network-access = []
 actix-utils = "3"
 actix-web = { version = "4", default-features = false }

-derive_more = "0.99.7"
+derive_more = { version = "2", features = ["display", "error"] }
 futures-util = { version = "0.3.17", default-features = false, features = ["std"] }
 log = "0.4"
 once_cell = "1"
@ -32,5 +32,8 @@ smallvec = "1"

 [dev-dependencies]
 actix-web = { version = "4", default-features = false, features = ["macros"] }
-env_logger = "0.10"
+env_logger = "0.11"
 regex = "1.4"
+
+[lints]
+workspace = true
--- a/actix-cors/README.md
+++ b/actix-cors/README.md
@ -1,14 +1,72 @@
 # actix-cors

-> Cross-Origin Resource Sharing (CORS) controls for Actix Web.
+<!-- prettier-ignore-start -->

 [![crates.io](https://img.shields.io/crates/v/actix-cors?label=latest)](https://crates.io/crates/actix-cors)
-[![Documentation](https://docs.rs/actix-cors/badge.svg?version=0.6.4)](https://docs.rs/actix-cors/0.6.4)
-![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-cors)
-[![Dependency Status](https://deps.rs/crate/actix-cors/0.6.4/status.svg)](https://deps.rs/crate/actix-cors/0.6.4)
+[![Documentation](https://docs.rs/actix-cors/badge.svg?version=0.7.1)](https://docs.rs/actix-cors/0.7.1)
+![Version](https://img.shields.io/badge/rustc-1.75+-ab6000.svg)
+![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-cors.svg)
+<br />
+[![Dependency Status](https://deps.rs/crate/actix-cors/0.7.1/status.svg)](https://deps.rs/crate/actix-cors/0.7.1)
+[![Download](https://img.shields.io/crates/d/actix-cors.svg)](https://crates.io/crates/actix-cors)
+[![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
+
+<!-- prettier-ignore-end -->
+
+<!-- cargo-rdme start -->
+
+Cross-Origin Resource Sharing (CORS) controls for Actix Web.
+
+This middleware can be applied to both applications and resources. Once built, a [`Cors`] builder can be used as an argument for Actix Web's `App::wrap()`, `Scope::wrap()`, or `Resource::wrap()` methods.
+
+This CORS middleware automatically handles `OPTIONS` preflight requests.
+
+## Crate Features
+
+- `draft-private-network-access`: ⚠️ Unstable. Adds opt-in support for the [Private Network Access] spec extensions. This feature is unstable since it will follow breaking changes in the draft spec until it is finalized.
+
+## Example
+
+```rust
+use actix_cors::Cors;
+use actix_web::{get, http, web, App, HttpRequest, HttpResponse, HttpServer};
+
+#[get("/index.html")]
+async fn index(req: HttpRequest) -> &'static str {
+    "<p>Hello World!</p>"
+}
+
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    HttpServer::new(|| {
+        let cors = Cors::default()
+            .allowed_origin("https://www.rust-lang.org")
+            .allowed_origin_fn(|origin, _req_head| {
+                origin.as_bytes().ends_with(b".rust-lang.org")
+            })
+            .allowed_methods(vec!["GET", "POST"])
+            .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
+            .allowed_header(http::header::CONTENT_TYPE)
+            .max_age(3600);
+
+        App::new()
+            .wrap(cors)
+            .service(index)
+    })
+    .bind(("127.0.0.1", 8080))?
+    .run()
+    .await;
+
+    Ok(())
+}
+```
+
+[Private Network Access]: https://wicg.github.io/private-network-access
+
+<!-- cargo-rdme end -->

 ## Documentation & Resources

 - [API Documentation](https://docs.rs/actix-cors)
 - [Example Project](https://github.com/actix/examples/tree/master/cors)
- Minimum Supported Rust Version (MSRV): 1.57
+- Minimum Supported Rust Version (MSRV): 1.75
--- a/actix-cors/src/builder.rs
+++ b/actix-cors/src/builder.rs
@ -1,4 +1,4 @@
-use std::{collections::HashSet, convert::TryInto, iter::FromIterator, rc::Rc};
+use std::{collections::HashSet, rc::Rc};

 use actix_utils::future::{self, Ready};
 use actix_web::{
@ -82,6 +82,7 @@ static ALL_METHODS_SET: Lazy<HashSet<Method>> = Lazy::new(|| {
 ///
 /// [Fetch Standard CORS protocol]: https://fetch.spec.whatwg.org/#http-cors-protocol
 #[derive(Debug)]
+#[must_use]
 pub struct Cors {
    inner: Rc<Inner>,
    error: Option<Either<HttpError, CorsError>>,
@ -114,7 +115,7 @@ impl Cors {
            #[cfg(feature = "draft-private-network-access")]
            allow_private_network_access: false,
            vary_header: true,
-            block_on_origin_mismatch: true,
+            block_on_origin_mismatch: false,
        };

        Cors {
@ -213,7 +214,7 @@ impl Cors {
    /// See [`Cors::allowed_methods`] for more info on allowed methods.
    pub fn allow_any_method(mut self) -> Cors {
        if let Some(cors) = cors(&mut self.inner, &self.error) {
-            cors.allowed_methods = ALL_METHODS_SET.clone();
+            ALL_METHODS_SET.clone_into(&mut cors.allowed_methods);
        }

        self
@ -476,7 +477,7 @@ impl Cors {
    /// and block requests based on pre-flight requests. Use this setting to allow cURL and other
    /// non-browser HTTP clients to function as normal, no matter what `Origin` the request has.
    ///
-    /// Defaults to true.
+    /// Defaults to false.
    pub fn block_on_origin_mismatch(mut self, block: bool) -> Cors {
        if let Some(cors) = cors(&mut self.inner, &self.error) {
            cors.block_on_origin_mismatch = block;
@ -512,7 +513,7 @@ impl Default for Cors {
            #[cfg(feature = "draft-private-network-access")]
            allow_private_network_access: false,
            vary_header: true,
-            block_on_origin_mismatch: true,
+            block_on_origin_mismatch: false,
        };

        Cors {
@ -607,14 +608,27 @@ where
        .unwrap()
 }

+impl PartialEq for Cors {
+    fn eq(&self, other: &Self) -> bool {
+        self.inner == other.inner
+        // Because of the cors-function, checking if the content is equal implies that the errors are equal
+        //
+        // Proof by contradiction:
+        // Lets assume that the inner values are equal, but the error values are not.
+        // This means there had been an error, which has been fixed.
+        // This cannot happen as the first call to set the invalid value means that further usages of the cors-function will reject other input.
+        // => inner has to be in a different state
+    }
+}
+
 #[cfg(test)]
 mod test {
-    use std::convert::{Infallible, TryInto};
+    use std::convert::Infallible;

    use actix_web::{
        body,
-        dev::{fn_service, Transform},
-        http::{header::HeaderName, StatusCode},
+        dev::fn_service,
+        http::StatusCode,
        test::{self, TestRequest},
        HttpResponse,
    };
@ -645,8 +659,9 @@ mod test {
            .insert_header(("Origin", "https://www.example.com"))
            .to_srv_request();

-        let resp = test::call_service(&cors, req).await;
-        assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
+        let res = test::call_service(&cors, req).await;
+        assert_eq!(res.status(), StatusCode::OK);
+        assert!(!res.headers().contains_key("Access-Control-Allow-Origin"));
    }

    #[actix_web::test]
@ -677,4 +692,11 @@ mod test {

        Cors::default().new_transform(srv).await.unwrap();
    }
+
+    #[test]
+    fn impl_eq() {
+        assert_eq!(Cors::default(), Cors::default());
+        assert_ne!(Cors::default().send_wildcard(), Cors::default());
+        assert_ne!(Cors::default(), Cors::permissive());
+    }
 }
--- a/actix-cors/src/error.rs
+++ b/actix-cors/src/error.rs
@ -1,40 +1,40 @@
 use actix_web::{http::StatusCode, HttpResponse, ResponseError};
-use derive_more::{Display, Error};
+use derive_more::derive::{Display, Error};

 /// Errors that can occur when processing CORS guarded requests.
 #[derive(Debug, Clone, Display, Error)]
 #[non_exhaustive]
 pub enum CorsError {
    /// Allowed origin argument must not be wildcard (`*`).
-    #[display(fmt = "`allowed_origin` argument must not be wildcard (`*`)")]
+    #[display("`allowed_origin` argument must not be wildcard (`*`)")]
    WildcardOrigin,

    /// Request header `Origin` is required but was not provided.
-    #[display(fmt = "Request header `Origin` is required but was not provided")]
+    #[display("Request header `Origin` is required but was not provided")]
    MissingOrigin,

    /// Request header `Access-Control-Request-Method` is required but is missing.
-    #[display(fmt = "Request header `Access-Control-Request-Method` is required but is missing")]
+    #[display("Request header `Access-Control-Request-Method` is required but is missing")]
    MissingRequestMethod,

    /// Request header `Access-Control-Request-Method` has an invalid value.
-    #[display(fmt = "Request header `Access-Control-Request-Method` has an invalid value")]
+    #[display("Request header `Access-Control-Request-Method` has an invalid value")]
    BadRequestMethod,

    /// Request header `Access-Control-Request-Headers` has an invalid value.
-    #[display(fmt = "Request header `Access-Control-Request-Headers` has an invalid value")]
+    #[display("Request header `Access-Control-Request-Headers` has an invalid value")]
    BadRequestHeaders,

    /// Origin is not allowed to make this request.
-    #[display(fmt = "Origin is not allowed to make this request")]
+    #[display("Origin is not allowed to make this request")]
    OriginNotAllowed,

    /// Request method is not allowed.
-    #[display(fmt = "Requested method is not allowed")]
+    #[display("Requested method is not allowed")]
    MethodNotAllowed,

    /// One or more request headers are not allowed.
-    #[display(fmt = "One or more request headers are not allowed")]
+    #[display("One or more request headers are not allowed")]
    HeadersNotAllowed,
 }

--- a/actix-cors/src/inner.rs
+++ b/actix-cors/src/inner.rs
@ -1,9 +1,4 @@
-use std::{
-    collections::HashSet,
-    convert::{TryFrom, TryInto},
-    fmt,
-    rc::Rc,
-};
+use std::{collections::HashSet, fmt, rc::Rc};

 use actix_web::{
    dev::RequestHead,
@ -32,6 +27,12 @@ impl Default for OriginFn {
    }
 }

+impl PartialEq for OriginFn {
+    fn eq(&self, other: &Self) -> bool {
+        Rc::ptr_eq(&self.boxed_fn, &other.boxed_fn)
+    }
+}
+
 impl fmt::Debug for OriginFn {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("origin_fn")
@ -45,7 +46,7 @@ pub(crate) fn header_value_try_into_method(hdr: &HeaderValue) -> Option<Method>
        .and_then(|meth| Method::try_from(meth).ok())
 }

-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq)]
 pub(crate) struct Inner {
    pub(crate) allowed_origins: AllOrSome<HashSet<HeaderValue>>,
    pub(crate) allowed_origins_fns: SmallVec<[OriginFn; 4]>,
@ -223,7 +224,7 @@ pub(crate) fn add_vary_header(headers: &mut HeaderMap) {
            val.extend(b", Origin, Access-Control-Request-Method, Access-Control-Request-Headers");

            #[cfg(feature = "draft-private-network-access")]
-            val.extend(b", Access-Control-Allow-Private-Network");
+            val.extend(b", Access-Control-Request-Private-Network");

            val.try_into().unwrap()
        }
@ -231,7 +232,7 @@ pub(crate) fn add_vary_header(headers: &mut HeaderMap) {
        #[cfg(feature = "draft-private-network-access")]
        None => HeaderValue::from_static(
            "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, \
-            Access-Control-Allow-Private-Network",
+            Access-Control-Request-Private-Network",
        ),

        #[cfg(not(feature = "draft-private-network-access"))]
@ -266,6 +267,7 @@ mod test {
    async fn test_validate_not_allowed_origin() {
        let cors = Cors::default()
            .allowed_origin("https://www.example.com")
+            .block_on_origin_mismatch(true)
            .new_transform(test::ok_service())
            .await
            .unwrap();
--- a/actix-cors/src/lib.rs
+++ b/actix-cors/src/lib.rs
@ -25,14 +25,14 @@
 //! async fn main() -> std::io::Result<()> {
 //!     HttpServer::new(|| {
 //!         let cors = Cors::default()
-//!               .allowed_origin("https://www.rust-lang.org")
-//!               .allowed_origin_fn(|origin, _req_head| {
-//!                   origin.as_bytes().ends_with(b".rust-lang.org")
-//!               })
-//!               .allowed_methods(vec!["GET", "POST"])
-//!               .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
-//!               .allowed_header(http::header::CONTENT_TYPE)
-//!               .max_age(3600);
+//!             .allowed_origin("https://www.rust-lang.org")
+//!             .allowed_origin_fn(|origin, _req_head| {
+//!                 origin.as_bytes().ends_with(b".rust-lang.org")
+//!             })
+//!             .allowed_methods(vec!["GET", "POST"])
+//!             .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
+//!             .allowed_header(http::header::CONTENT_TYPE)
+//!             .max_age(3600);
 //!
 //!         App::new()
 //!             .wrap(cors)
@ -49,7 +49,6 @@
 //! [Private Network Access]: https://wicg.github.io/private-network-access

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
 #![warn(future_incompatible, missing_docs, missing_debug_implementations)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
@ -61,8 +60,8 @@ mod error;
 mod inner;
 mod middleware;

-use all_or_some::AllOrSome;
-pub use builder::Cors;
-pub use error::CorsError;
-use inner::{Inner, OriginFn};
-pub use middleware::CorsMiddleware;
+use crate::{
+    all_or_some::AllOrSome,
+    inner::{Inner, OriginFn},
+};
+pub use crate::{builder::Cors, error::CorsError, middleware::CorsMiddleware};
--- a/actix-cors/tests/tests.rs
+++ b/actix-cors/tests/tests.rs
@ -272,7 +272,7 @@ async fn test_response() {
    #[cfg(feature = "draft-private-network-access")]
    assert_eq!(
        resp.headers().get(header::VARY).map(HeaderValue::as_bytes),
-        Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network"[..]),
+        Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network"[..]),
    );

    #[allow(clippy::needless_collect)]
@ -328,7 +328,7 @@ async fn test_response() {
    #[cfg(feature = "draft-private-network-access")]
    assert_eq!(
        resp.headers().get(header::VARY).map(HeaderValue::as_bytes).unwrap(),
-        b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
+        b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network",
    );

    let cors = Cors::default()
@ -382,12 +382,13 @@ async fn test_blocks_mismatched_origin_by_default() {
        .to_srv_request();

    let res = test::call_service(&cors, req).await;
-    assert_eq!(res.status(), StatusCode::BAD_REQUEST);
-    assert_eq!(res.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN), None);
-    assert!(res
+    assert_eq!(res.status(), StatusCode::OK);
+    assert!(!res
        .headers()
-        .get(header::ACCESS_CONTROL_ALLOW_METHODS)
-        .is_none());
+        .contains_key(header::ACCESS_CONTROL_ALLOW_ORIGIN));
+    assert!(!res
+        .headers()
+        .contains_key(header::ACCESS_CONTROL_ALLOW_METHODS));
 }

 #[actix_web::test]
@ -494,7 +495,7 @@ async fn vary_header_on_all_handled_responses() {
            .expect("response should have Vary header")
            .to_str()
            .unwrap(),
-        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
+        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network",
    );

    // follow-up regular request
@ -520,7 +521,7 @@ async fn vary_header_on_all_handled_responses() {
            .expect("response should have Vary header")
            .to_str()
            .unwrap(),
-        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
+        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network",
    );

    let cors = Cors::default()
@ -529,16 +530,23 @@ async fn vary_header_on_all_handled_responses() {
        .await
        .unwrap();

-    // regular request bad origin
+    // regular request OK with no CORS response headers
    let req = TestRequest::default()
        .method(Method::PUT)
        .insert_header((header::ORIGIN, "https://www.example.com"))
        .to_srv_request();
-    let resp = test::call_service(&cors, req).await;
-    assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
+    let res = test::call_service(&cors, req).await;
+    assert_eq!(res.status(), StatusCode::OK);
+    assert!(!res
+        .headers()
+        .contains_key(header::ACCESS_CONTROL_ALLOW_ORIGIN));
+    assert!(!res
+        .headers()
+        .contains_key(header::ACCESS_CONTROL_ALLOW_METHODS));
+
    #[cfg(not(feature = "draft-private-network-access"))]
    assert_eq!(
-        resp.headers()
+        res.headers()
            .get(header::VARY)
            .expect("response should have Vary header")
            .to_str()
@ -547,12 +555,12 @@ async fn vary_header_on_all_handled_responses() {
    );
    #[cfg(feature = "draft-private-network-access")]
    assert_eq!(
-        resp.headers()
+        res.headers()
            .get(header::VARY)
            .expect("response should have Vary header")
            .to_str()
            .unwrap(),
-        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
+        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network",
    );

    // regular request no origin
@ -575,7 +583,7 @@ async fn vary_header_on_all_handled_responses() {
            .expect("response should have Vary header")
            .to_str()
            .unwrap(),
-        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
+        "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network",
    );
 }

--- a/actix-identity/CHANGES.md
+++ b/actix-identity/CHANGES.md
@ -2,6 +2,19 @@

 ## Unreleased

+## 0.8.0
+
+- Update `actix-session` dependency to `0.10`.
+
+## 0.7.1
+
+- Add `IdentityMiddlewareBuilder::{id_key, last_visit_unix_timestamp_key, login_unix_timestamp_key}()` methods for customizing keys used in session. Defaults remain the same as before.
+
+## 0.7.0
+
+- Update `actix-session` dependency to `0.9`.
+- Minimum supported Rust version (MSRV) is now 1.75.
+
 ## 0.6.0

 - Add `error` module.
--- a/actix-identity/Cargo.toml
+++ b/actix-identity/Cargo.toml
@ -1,14 +1,14 @@
 [package]
 name = "actix-identity"
-version = "0.6.0"
+version = "0.8.0"
 authors = [
    "Nikolay Kim <fafhrd91@gmail.com>",
    "Luca Palmieri <rust@lpalmieri.com>",
 ]
 description = "Identity management for Actix Web"
 keywords = ["actix", "auth", "identity", "web", "security"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-extras.git"
+repository.workspace = true
+homepage.workspace = true
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
@ -19,20 +19,23 @@ all-features = true

 [dependencies]
 actix-service = "2"
-actix-session = "0.8"
+actix-session = "0.10"
 actix-utils = "3"
 actix-web = { version = "4", default-features = false, features = ["cookies", "secure-cookies"] }

-derive_more = "0.99.7"
-futures-core = "0.3.7"
+derive_more = { version = "2", features = ["display", "error", "from"] }
+futures-core = "0.3.17"
 serde = { version = "1", features = ["derive"] }
 tracing = { version = "0.1.30", default-features = false, features = ["log"] }

 [dev-dependencies]
 actix-http = "3"
 actix-web = { version = "4", default-features = false, features = ["macros", "cookies", "secure-cookies"] }
-actix-session = { version = "0.8", features = ["redis-rs-session", "cookie-session"] }
+actix-session = { version = "0.10", features = ["redis-session", "cookie-session"] }

-env_logger = "0.10"
-reqwest = { version = "0.11", default-features = false, features = ["cookies", "json"] }
+env_logger = "0.11"
+reqwest = { version = "0.12", default-features = false, features = ["cookies", "json"] }
 uuid = { version = "1", features = ["v4"] }
+
+[lints]
+workspace = true
--- a/actix-identity/README.md
+++ b/actix-identity/README.md
@ -2,12 +2,105 @@

 > Identity management for Actix Web.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-identity?label=latest)](https://crates.io/crates/actix-identity)
-[![Documentation](https://docs.rs/actix-identity/badge.svg?version=0.6.0)](https://docs.rs/actix-identity/0.6.0)
+[![Documentation](https://docs.rs/actix-identity/badge.svg?version=0.8.0)](https://docs.rs/actix-identity/0.8.0)
 ![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-identity)
-[![Dependency Status](https://deps.rs/crate/actix-identity/0.6.0/status.svg)](https://deps.rs/crate/actix-identity/0.6.0)
+[![Dependency Status](https://deps.rs/crate/actix-identity/0.8.0/status.svg)](https://deps.rs/crate/actix-identity/0.8.0)

-## Documentation & community resources
+<!-- prettier-ignore-end -->

- [API Documentation](https://docs.rs/actix-identity)
- Minimum Supported Rust Version (MSRV): 1.57
+<!-- cargo-rdme start -->
+
+Identity management for Actix Web.
+
+`actix-identity` can be used to track identity of a user across multiple requests. It is built on top of HTTP sessions, via [`actix-session`](https://docs.rs/actix-session).
+
+## Getting started
+
+To start using identity management in your Actix Web application you must register [`IdentityMiddleware`] and `SessionMiddleware` as middleware on your `App`:
+
+```rust
+use actix_web::{cookie::Key, App, HttpServer, HttpResponse};
+use actix_identity::IdentityMiddleware;
+use actix_session::{storage::RedisSessionStore, SessionMiddleware};
+
+#[actix_web::main]
+async fn main() {
+    // When using `Key::generate()` it is important to initialize outside of the
+    // `HttpServer::new` closure. When deployed the secret key should be read from a
+    // configuration file or environment variables.
+    let secret_key = Key::generate();
+
+    let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
+        .await
+        .unwrap();
+
+    HttpServer::new(move || {
+        App::new()
+            // Install the identity framework first.
+            .wrap(IdentityMiddleware::default())
+            // The identity system is built on top of sessions. You must install the session
+            // middleware to leverage `actix-identity`. The session middleware must be mounted
+            // AFTER the identity middleware: `actix-web` invokes middleware in the OPPOSITE
+            // order of registration when it receives an incoming request.
+            .wrap(SessionMiddleware::new(
+                 redis_store.clone(),
+                 secret_key.clone(),
+            ))
+            // Your request handlers [...]
+    })
+}
+```
+
+User identities can be created, accessed and destroyed using the [`Identity`] extractor in your request handlers:
+
+```rust
+use actix_web::{get, post, HttpResponse, Responder, HttpRequest, HttpMessage};
+use actix_identity::Identity;
+use actix_session::storage::RedisSessionStore;
+
+#[get("/")]
+async fn index(user: Option<Identity>) -> impl Responder {
+    if let Some(user) = user {
+        format!("Welcome! {}", user.id().unwrap())
+    } else {
+        "Welcome Anonymous!".to_owned()
+    }
+}
+
+#[post("/login")]
+async fn login(request: HttpRequest) -> impl Responder {
+    // Some kind of authentication should happen here
+    // e.g. password-based, biometric, etc.
+    // [...]
+
+    // attach a verified user identity to the active session
+    Identity::login(&request.extensions(), "User1".into()).unwrap();
+
+    HttpResponse::Ok()
+}
+
+#[post("/logout")]
+async fn logout(user: Option<Identity>) -> impl Responder {
+    if let Some(user) = user {
+        user.logout();
+    }
+    HttpResponse::Ok()
+}
+```
+
+## Advanced configuration
+
+By default, `actix-identity` does not automatically log out users. You can change this behaviour by customising the configuration for [`IdentityMiddleware`] via [`IdentityMiddleware::builder`].
+
+In particular, you can automatically log out users who:
+
+- have been inactive for a while (see [`IdentityMiddlewareBuilder::visit_deadline`]);
+- logged in too long ago (see [`IdentityMiddlewareBuilder::login_deadline`]).
+
+[`IdentityMiddlewareBuilder::visit_deadline`]: config::IdentityMiddlewareBuilder::visit_deadline
+[`IdentityMiddlewareBuilder::login_deadline`]: config::IdentityMiddlewareBuilder::login_deadline
+
+<!-- cargo-rdme end -->
--- a/actix-identity/examples/identity.rs
+++ b/actix-identity/examples/identity.rs
@ -13,10 +13,10 @@
 //! http -v --session=identity GET localhost:8080/
 //! ```

-use std::io;
+use std::{io, time::Duration};

 use actix_identity::{Identity, IdentityMiddleware};
-use actix_session::{storage::CookieSessionStore, SessionMiddleware};
+use actix_session::{config::PersistentSession, storage::CookieSessionStore, SessionMiddleware};
 use actix_web::{
    cookie::Key, get, middleware::Logger, post, App, HttpMessage, HttpRequest, HttpResponse,
    HttpServer, Responder,
@ -28,16 +28,25 @@ async fn main() -> io::Result<()> {

    let secret_key = Key::generate();

+    let expiration = Duration::from_secs(24 * 60 * 60);
+
    HttpServer::new(move || {
        let session_mw =
            SessionMiddleware::builder(CookieSessionStore::default(), secret_key.clone())
                // disable secure cookie for local testing
                .cookie_secure(false)
+                // Set a ttl for the cookie if the identity should live longer than the user session
+                .session_lifecycle(
+                    PersistentSession::default().session_ttl(expiration.try_into().unwrap()),
+                )
                .build();
+        let identity_mw = IdentityMiddleware::builder()
+            .visit_deadline(Some(expiration))
+            .build();

        App::new()
            // Install the identity framework first.
-            .wrap(IdentityMiddleware::default())
+            .wrap(identity_mw)
            // The identity system is built on top of sessions. You must install the session
            // middleware to leverage `actix-identity`. The session middleware must be mounted
            // AFTER the identity middleware: `actix-web` invokes middleware in the OPPOSITE
--- a/actix-identity/src/config.rs
+++ b/actix-identity/src/config.rs
@ -9,6 +9,9 @@ pub(crate) struct Configuration {
    pub(crate) on_logout: LogoutBehaviour,
    pub(crate) login_deadline: Option<Duration>,
    pub(crate) visit_deadline: Option<Duration>,
+    pub(crate) id_key: &'static str,
+    pub(crate) last_visit_unix_timestamp_key: &'static str,
+    pub(crate) login_unix_timestamp_key: &'static str,
 }

 impl Default for Configuration {
@ -17,6 +20,9 @@ impl Default for Configuration {
            on_logout: LogoutBehaviour::PurgeSession,
            login_deadline: None,
            visit_deadline: None,
+            id_key: "actix_identity.user_id",
+            last_visit_unix_timestamp_key: "actix_identity.last_visited_at",
+            login_unix_timestamp_key: "actix_identity.logged_in_at",
        }
    }
 }
@ -58,6 +64,24 @@ impl IdentityMiddlewareBuilder {
        }
    }

+    /// Set a custom key to identify the user in the session.
+    pub fn id_key(mut self, key: &'static str) -> Self {
+        self.configuration.id_key = key;
+        self
+    }
+
+    /// Set a custom key to store the last visited unix timestamp.
+    pub fn last_visit_unix_timestamp_key(mut self, key: &'static str) -> Self {
+        self.configuration.last_visit_unix_timestamp_key = key;
+        self
+    }
+
+    /// Set a custom key to store the login unix timestamp.
+    pub fn login_unix_timestamp_key(mut self, key: &'static str) -> Self {
+        self.configuration.login_unix_timestamp_key = key;
+        self
+    }
+
    /// Determines how [`Identity::logout`](crate::Identity::logout) affects the current session.
    ///
    /// By default, the current session is purged ([`LogoutBehaviour::PurgeSession`]).
--- a/actix-identity/src/error.rs
+++ b/actix-identity/src/error.rs
@ -2,11 +2,11 @@

 use actix_session::{SessionGetError, SessionInsertError};
 use actix_web::{cookie::time::error::ComponentRange, http::StatusCode, ResponseError};
-use derive_more::{Display, Error, From};
+use derive_more::derive::{Display, Error, From};

 /// Error that can occur during login attempts.
 #[derive(Debug, Display, Error, From)]
-#[display(fmt = "{_0}")]
+#[display("{_0}")]
 pub struct LoginError(SessionInsertError);

 impl ResponseError for LoginError {
@ -17,7 +17,7 @@ impl ResponseError for LoginError {

 /// Error encountered when working with a session that has expired.
 #[derive(Debug, Display, Error)]
-#[display(fmt = "The given session has expired and is no longer valid")]
+#[display("The given session has expired and is no longer valid")]
 pub struct SessionExpiryError(#[error(not(source))] pub(crate) ComponentRange);

 /// The identity information has been lost.
@ -25,7 +25,7 @@ pub struct SessionExpiryError(#[error(not(source))] pub(crate) ComponentRange);
 /// Seeing this error in user code indicates a bug in actix-identity.
 #[derive(Debug, Display, Error)]
 #[display(
-    fmt = "The identity information in the current session has disappeared after having been \
+    "The identity information in the current session has disappeared after having been \
           successfully validated. This is likely to be a bug."
 )]
 #[non_exhaustive]
@ -33,7 +33,7 @@ pub struct LostIdentityError;

 /// There is no identity information attached to the current session.
 #[derive(Debug, Display, Error)]
-#[display(fmt = "There is no identity information attached to the current session")]
+#[display("There is no identity information attached to the current session")]
 #[non_exhaustive]
 pub struct MissingIdentityError;

@ -42,21 +42,21 @@ pub struct MissingIdentityError;
 #[non_exhaustive]
 pub enum GetIdentityError {
    /// The session has expired.
-    #[display(fmt = "{_0}")]
+    #[display("{_0}")]
    SessionExpiryError(SessionExpiryError),

    /// No identity is found in a session.
-    #[display(fmt = "{_0}")]
+    #[display("{_0}")]
    MissingIdentityError(MissingIdentityError),

    /// Failed to accessing the session store.
-    #[display(fmt = "{_0}")]
+    #[display("{_0}")]
    SessionGetError(SessionGetError),

    /// Identity info was lost after being validated.
    ///
    /// Seeing this error indicates a bug in actix-identity.
-    #[display(fmt = "{_0}")]
+    #[display("{_0}")]
    LostIdentityError(LostIdentityError),
 }

--- a/actix-identity/src/identity.rs
+++ b/actix-identity/src/identity.rs
@ -82,6 +82,9 @@ pub(crate) struct IdentityInner {
    pub(crate) logout_behaviour: LogoutBehaviour,
    pub(crate) is_login_deadline_enabled: bool,
    pub(crate) is_visit_deadline_enabled: bool,
+    pub(crate) id_key: &'static str,
+    pub(crate) last_visit_unix_timestamp_key: &'static str,
+    pub(crate) login_unix_timestamp_key: &'static str,
 }

 impl IdentityInner {
@ -101,15 +104,11 @@ impl IdentityInner {
    /// Retrieve the user id attached to the current session.
    fn get_identity(&self) -> Result<String, GetIdentityError> {
        self.session
-            .get::<String>(ID_KEY)?
+            .get::<String>(self.id_key)?
            .ok_or_else(|| MissingIdentityError.into())
    }
 }

-pub(crate) const ID_KEY: &str = "actix_identity.user_id";
-pub(crate) const LAST_VISIT_UNIX_TIMESTAMP_KEY: &str = "actix_identity.last_visited_at";
-pub(crate) const LOGIN_UNIX_TIMESTAMP_KEY: &str = "actix_identity.logged_in_at";
-
 impl Identity {
    /// Return the user id associated to the current session.
    ///
@ -130,7 +129,7 @@ impl Identity {
    pub fn id(&self) -> Result<String, GetIdentityError> {
        self.0
            .session
-            .get(ID_KEY)?
+            .get(self.0.id_key)?
            .ok_or_else(|| LostIdentityError.into())
    }

@ -153,13 +152,15 @@ impl Identity {
    /// ```
    pub fn login(ext: &Extensions, id: String) -> Result<Self, LoginError> {
        let inner = IdentityInner::extract(ext);
-        inner.session.insert(ID_KEY, id)?;
+        inner.session.insert(inner.id_key, id)?;
        let now = OffsetDateTime::now_utc().unix_timestamp();
        if inner.is_login_deadline_enabled {
-            inner.session.insert(LOGIN_UNIX_TIMESTAMP_KEY, now)?;
+            inner.session.insert(inner.login_unix_timestamp_key, now)?;
        }
        if inner.is_visit_deadline_enabled {
-            inner.session.insert(LAST_VISIT_UNIX_TIMESTAMP_KEY, now)?;
+            inner
+                .session
+                .insert(inner.last_visit_unix_timestamp_key, now)?;
        }
        inner.session.renew();
        Ok(Self(inner))
@ -191,12 +192,12 @@ impl Identity {
                self.0.session.purge();
            }
            LogoutBehaviour::DeleteIdentityKeys => {
-                self.0.session.remove(ID_KEY);
+                self.0.session.remove(self.0.id_key);
                if self.0.is_login_deadline_enabled {
-                    self.0.session.remove(LOGIN_UNIX_TIMESTAMP_KEY);
+                    self.0.session.remove(self.0.login_unix_timestamp_key);
                }
                if self.0.is_visit_deadline_enabled {
-                    self.0.session.remove(LAST_VISIT_UNIX_TIMESTAMP_KEY);
+                    self.0.session.remove(self.0.last_visit_unix_timestamp_key);
                }
            }
        }
@ -212,7 +213,7 @@ impl Identity {
        Ok(self
            .0
            .session
-            .get(LOGIN_UNIX_TIMESTAMP_KEY)?
+            .get(self.0.login_unix_timestamp_key)?
            .map(OffsetDateTime::from_unix_timestamp)
            .transpose()
            .map_err(SessionExpiryError)?)
@ -222,7 +223,7 @@ impl Identity {
        Ok(self
            .0
            .session
-            .get(LAST_VISIT_UNIX_TIMESTAMP_KEY)?
+            .get(self.0.last_visit_unix_timestamp_key)?
            .map(OffsetDateTime::from_unix_timestamp)
            .transpose()
            .map_err(SessionExpiryError)?)
@ -230,7 +231,9 @@ impl Identity {

    pub(crate) fn set_last_visited_at(&self) -> Result<(), LoginError> {
        let now = OffsetDateTime::now_utc().unix_timestamp();
-        self.0.session.insert(LAST_VISIT_UNIX_TIMESTAMP_KEY, now)?;
+        self.0
+            .session
+            .insert(self.0.last_visit_unix_timestamp_key, now)?;
        Ok(())
    }
 }
--- a/actix-identity/src/identity_ext.rs
+++ b/actix-identity/src/identity_ext.rs
@ -20,7 +20,7 @@ impl IdentityExt for ServiceRequest {
    }
 }

-impl<'a> IdentityExt for GuardContext<'a> {
+impl IdentityExt for GuardContext<'_> {
    fn get_identity(&self) -> Result<Identity, GetIdentityError> {
        Identity::extract(&self.req_data())
    }
--- a/actix-identity/src/lib.rs
+++ b/actix-identity/src/lib.rs
@ -1,94 +1,101 @@
-//! Identity management for Actix Web.
-//!
-//! `actix-identity` can be used to track identity of a user across multiple requests. It is built
-//! on top of HTTP sessions, via [`actix-session`](https://docs.rs/actix-session).
-//!
-//! # Getting started
-//! To start using identity management in your Actix Web application you must register
-//! [`IdentityMiddleware`] and `SessionMiddleware` as middleware on your `App`:
-//!
-//! ```no_run
-//! # use actix_web::web;
-//! use actix_web::{cookie::Key, App, HttpServer, HttpResponse};
-//! use actix_identity::IdentityMiddleware;
-//! use actix_session::{storage::RedisSessionStore, SessionMiddleware};
-//!
-//! #[actix_web::main]
-//! async fn main() {
-//!     let secret_key = Key::generate();
-//!     let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
-//!         .await
-//!         .unwrap();
-//!
-//!     HttpServer::new(move || {
-//!         App::new()
-//!             // Install the identity framework first.
-//!             .wrap(IdentityMiddleware::default())
-//!             // The identity system is built on top of sessions. You must install the session
-//!             // middleware to leverage `actix-identity`. The session middleware must be mounted
-//!             // AFTER the identity middleware: `actix-web` invokes middleware in the OPPOSITE
-//!             // order of registration when it receives an incoming request.
-//!             .wrap(SessionMiddleware::new(
-//!                  redis_store.clone(),
-//!                  secret_key.clone()
-//!             ))
-//!             // Your request handlers [...]
-//!             # .default_service(web::to(|| HttpResponse::Ok()))
-//!     })
-//! # ;
-//! }
-//! ```
-//!
-//! User identities can be created, accessed and destroyed using the [`Identity`] extractor in your
-//! request handlers:
-//!
-//! ```no_run
-//! use actix_web::{get, post, HttpResponse, Responder, HttpRequest, HttpMessage};
-//! use actix_identity::Identity;
-//! use actix_session::storage::RedisSessionStore;
-//!
-//! #[get("/")]
-//! async fn index(user: Option<Identity>) -> impl Responder {
-//!     if let Some(user) = user {
-//!         format!("Welcome! {}", user.id().unwrap())
-//!     } else {
-//!         "Welcome Anonymous!".to_owned()
-//!     }
-//! }
-//!
-//! #[post("/login")]
-//! async fn login(request: HttpRequest) -> impl Responder {
-//!     // Some kind of authentication should happen here
-//!     // e.g. password-based, biometric, etc.
-//!     // [...]
-//!
-//!     // attach a verified user identity to the active session
-//!     Identity::login(&request.extensions(), "User1".into()).unwrap();
-//!
-//!     HttpResponse::Ok()
-//! }
-//!
-//! #[post("/logout")]
-//! async fn logout(user: Identity) -> impl Responder {
-//!     user.logout();
-//!     HttpResponse::Ok()
-//! }
-//! ```
-//!
-//! # Advanced configuration
-//! By default, `actix-identity` does not automatically log out users. You can change this behaviour
-//! by customising the configuration for [`IdentityMiddleware`] via [`IdentityMiddleware::builder`].
-//!
-//! In particular, you can automatically log out users who:
-//! - have been inactive for a while (see [`IdentityMiddlewareBuilder::visit_deadline`];
-//! - logged in too long ago (see [`IdentityMiddlewareBuilder::login_deadline`]).
-//!
-//! [`IdentityMiddlewareBuilder::visit_deadline`]: config::IdentityMiddlewareBuilder::visit_deadline
-//! [`IdentityMiddlewareBuilder::login_deadline`]: config::IdentityMiddlewareBuilder::login_deadline
+/*!
+Identity management for Actix Web.
+
+`actix-identity` can be used to track identity of a user across multiple requests. It is built
+on top of HTTP sessions, via [`actix-session`](https://docs.rs/actix-session).
+
+# Getting started
+To start using identity management in your Actix Web application you must register
+[`IdentityMiddleware`] and `SessionMiddleware` as middleware on your `App`:
+
+```no_run
+# use actix_web::web;
+use actix_web::{cookie::Key, App, HttpServer, HttpResponse};
+use actix_identity::IdentityMiddleware;
+use actix_session::{storage::RedisSessionStore, SessionMiddleware};
+
+#[actix_web::main]
+async fn main() {
+    // When using `Key::generate()` it is important to initialize outside of the
+    // `HttpServer::new` closure. When deployed the secret key should be read from a
+    // configuration file or environment variables.
+    let secret_key = Key::generate();
+
+    let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
+        .await
+        .unwrap();
+
+    HttpServer::new(move || {
+        App::new()
+            // Install the identity framework first.
+            .wrap(IdentityMiddleware::default())
+            // The identity system is built on top of sessions. You must install the session
+            // middleware to leverage `actix-identity`. The session middleware must be mounted
+            // AFTER the identity middleware: `actix-web` invokes middleware in the OPPOSITE
+            // order of registration when it receives an incoming request.
+            .wrap(SessionMiddleware::new(
+                 redis_store.clone(),
+                 secret_key.clone(),
+            ))
+            // Your request handlers [...]
+            # .default_service(web::to(|| HttpResponse::Ok()))
+    })
+# ;
+}
+```
+
+User identities can be created, accessed and destroyed using the [`Identity`] extractor in your
+request handlers:
+
+```no_run
+use actix_web::{get, post, HttpResponse, Responder, HttpRequest, HttpMessage};
+use actix_identity::Identity;
+use actix_session::storage::RedisSessionStore;
+
+#[get("/")]
+async fn index(user: Option<Identity>) -> impl Responder {
+    if let Some(user) = user {
+        format!("Welcome! {}", user.id().unwrap())
+    } else {
+        "Welcome Anonymous!".to_owned()
+    }
+}
+
+#[post("/login")]
+async fn login(request: HttpRequest) -> impl Responder {
+    // Some kind of authentication should happen here
+    // e.g. password-based, biometric, etc.
+    // [...]
+
+    // attach a verified user identity to the active session
+    Identity::login(&request.extensions(), "User1".into()).unwrap();
+
+    HttpResponse::Ok()
+}
+
+#[post("/logout")]
+async fn logout(user: Option<Identity>) -> impl Responder {
+    if let Some(user) = user {
+        user.logout();
+    }
+    HttpResponse::Ok()
+}
+```
+
+# Advanced configuration
+By default, `actix-identity` does not automatically log out users. You can change this behaviour
+by customising the configuration for [`IdentityMiddleware`] via [`IdentityMiddleware::builder`].
+
+In particular, you can automatically log out users who:
+- have been inactive for a while (see [`IdentityMiddlewareBuilder::visit_deadline`]);
+- logged in too long ago (see [`IdentityMiddlewareBuilder::login_deadline`]).
+
+[`IdentityMiddlewareBuilder::visit_deadline`]: config::IdentityMiddlewareBuilder::visit_deadline
+[`IdentityMiddlewareBuilder::login_deadline`]: config::IdentityMiddlewareBuilder::login_deadline
+*/

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style, missing_docs)]
-#![warn(future_incompatible)]
+#![deny(missing_docs)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
--- a/actix-identity/src/middleware.rs
+++ b/actix-identity/src/middleware.rs
@ -114,6 +114,9 @@ where
                logout_behaviour: configuration.on_logout.clone(),
                is_login_deadline_enabled: configuration.login_deadline.is_some(),
                is_visit_deadline_enabled: configuration.visit_deadline.is_some(),
+                id_key: configuration.id_key,
+                last_visit_unix_timestamp_key: configuration.last_visit_unix_timestamp_key,
+                login_unix_timestamp_key: configuration.login_unix_timestamp_key,
            };
            req.extensions_mut().insert(identity_inner);
            enforce_policies(&req, &configuration);
--- a/actix-identity/tests/integration/integration.rs
+++ b/actix-identity/tests/integration/integration.rs
@ -1,7 +1,7 @@
 use std::time::Duration;

 use actix_identity::{config::LogoutBehaviour, IdentityMiddleware};
-use actix_web::http::StatusCode;
+use reqwest::StatusCode;

 use crate::{fixtures::user_id, test_app::TestApp};

@ -28,6 +28,33 @@ async fn login_works() {
    assert!(response.status().is_success());
 }

+#[actix_web::test]
+async fn custom_keys_work_as_expected() {
+    let custom_id_key = "custom.user_id";
+    let custom_last_visited_key = "custom.last_visited_at";
+    let custom_logged_in_key = "custom.logged_in_at";
+
+    let app = TestApp::spawn_with_config(
+        IdentityMiddleware::builder()
+            .id_key(custom_id_key)
+            .last_visit_unix_timestamp_key(custom_last_visited_key)
+            .login_unix_timestamp_key(custom_logged_in_key),
+    );
+    let user_id = user_id();
+
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+
+    let response = app.get_identity_required().await;
+    assert!(response.status().is_success());
+
+    let response = app.post_logout().await;
+    assert!(response.status().is_success());
+
+    let response = app.get_identity_required().await;
+    assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
+}
+
 #[actix_web::test]
 async fn logging_in_again_replaces_the_current_identity() {
    let app = TestApp::spawn();
--- a/actix-limitation/CHANGES.md
+++ b/actix-limitation/CHANGES.md
@ -2,6 +2,9 @@

 ## Unreleased

+- Update `redis` dependency to `0.29`.
+- Update `actix-session` dependency to `0.9`.
+
 ## 0.5.1

 - No significant changes since `0.5.0`.
--- a/actix-limitation/Cargo.toml
+++ b/actix-limitation/Cargo.toml
@ -8,7 +8,7 @@ authors = [
 description = "Rate limiter using a fixed window counter for arbitrary keys, backed by Redis for Actix Web"
 keywords = ["actix-web", "rate-api", "rate-limit", "limitation"]
 categories = ["asynchronous", "web-programming"]
-repository = "https://github.com/actix/actix-extras.git"
+repository = "https://github.com/actix/actix-extras"
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
@ -26,15 +26,18 @@ actix-utils = "3"
 actix-web = { version = "4", default-features = false, features = ["cookies"] }

 chrono = "0.4"
-derive_more = "0.99.7"
+derive_more = { version = "2", features = ["display", "error", "from"] }
 log = "0.4"
-redis = { version = "0.23", default-features = false, features = ["tokio-comp"] }
+redis = { version = "0.29", default-features = false, features = ["tokio-comp"] }
 time = "0.3"

 # session
-actix-session = { version = "0.8", optional = true }
+actix-session = { version = "0.10", optional = true }

 [dev-dependencies]
 actix-web = "4"
 static_assertions = "1"
 uuid = { version = "1", features = ["v4"] }
+
+[lints]
+workspace = true
--- a/actix-limitation/README.md
+++ b/actix-limitation/README.md
@ -3,11 +3,15 @@
 > Rate limiter using a fixed window counter for arbitrary keys, backed by Redis for Actix Web.  
 > Originally based on <https://github.com/fnichol/limitation>.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-limitation?label=latest)](https://crates.io/crates/actix-limitation)
 [![Documentation](https://docs.rs/actix-limitation/badge.svg?version=0.5.1)](https://docs.rs/actix-limitation/0.5.1)
 ![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-limitation)
 [![Dependency Status](https://deps.rs/crate/actix-limitation/0.5.1/status.svg)](https://deps.rs/crate/actix-limitation/0.5.1)

+<!-- prettier-ignore-end -->
+
 ## Examples

 ```toml
--- a/actix-limitation/src/errors.rs
+++ b/actix-limitation/src/errors.rs
@ -1,4 +1,4 @@
-use derive_more::{Display, Error, From};
+use derive_more::derive::{Display, Error, From};

 use crate::status::Status;

@ -6,20 +6,20 @@ use crate::status::Status;
 #[derive(Debug, Display, Error, From)]
 pub enum Error {
    /// Redis client failed to connect or run a query.
-    #[display(fmt = "Redis client failed to connect or run a query")]
+    #[display("Redis client failed to connect or run a query")]
    Client(redis::RedisError),

    /// Limit is exceeded for a key.
-    #[display(fmt = "Limit is exceeded for a key")]
+    #[display("Limit is exceeded for a key")]
    #[from(ignore)]
    LimitExceeded(#[error(not(source))] Status),

    /// Time conversion failed.
-    #[display(fmt = "Time conversion failed")]
+    #[display("Time conversion failed")]
    Time(time::error::ComponentRange),

    /// Generic error.
-    #[display(fmt = "Generic error")]
+    #[display("Generic error")]
    #[from(ignore)]
    Other(#[error(not(source))] String),
 }
--- a/actix-limitation/src/lib.rs
+++ b/actix-limitation/src/lib.rs
@ -45,8 +45,7 @@
 //! ```

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
-#![warn(future_incompatible, missing_docs, missing_debug_implementations)]
+#![warn(missing_docs, missing_debug_implementations)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -138,7 +137,7 @@ impl Limiter {
        let key = key.into();
        let expires = self.period.as_secs();

-        let mut connection = self.client.get_tokio_connection().await?;
+        let mut connection = self.client.get_multiplexed_tokio_connection().await?;

        // The seed of this approach is outlined Atul R in a blog post about rate limiting using
        // NodeJS and Redis. For more details, see https://blog.atulr.com/rate-limiter
--- a/actix-limitation/src/middleware.rs
+++ b/actix-limitation/src/middleware.rs
@ -53,7 +53,7 @@ where
    forward_ready!(service);

    fn call(&self, req: ServiceRequest) -> Self::Future {
-        // A mis-configuration of the Actix App will result in a **runtime** failure, so the expect
+        // A misconfiguration of the Actix App will result in a **runtime** failure, so the expect
        // method description is important context for the developer.
        let limiter = req
            .app_data::<web::Data<Limiter>>()
--- a/actix-limitation/src/status.rs
+++ b/actix-limitation/src/status.rs
@ -1,4 +1,4 @@
-use std::{convert::TryInto, ops::Add, time::Duration};
+use std::{ops::Add, time::Duration};

 use chrono::SubsecRound as _;

@ -16,7 +16,7 @@ impl Status {
    /// Constructs status limit status from parts.
    #[must_use]
    pub(crate) fn new(count: usize, limit: usize, reset_epoch_utc: usize) -> Self {
-        let remaining = if count >= limit { 0 } else { limit - count };
+        let remaining = limit.saturating_sub(count);

        Status {
            limit,
--- a/actix-protobuf/CHANGES.md
+++ b/actix-protobuf/CHANGES.md
@ -2,6 +2,11 @@

 ## Unreleased

+## 0.11.0
+
+- Updated `prost` dependency to `0.13`.
+- Minimum supported Rust version (MSRV) is now 1.75.
+
 ## 0.10.0

 - Updated `prost` dependency to `0.12`.
--- a/actix-protobuf/Cargo.toml
+++ b/actix-protobuf/Cargo.toml
@ -1,14 +1,14 @@
 [package]
 name = "actix-protobuf"
-version = "0.10.0"
+version = "0.11.0"
 authors = [
    "kingxsp <jin.hb.zh@outlook.com>",
    "Yuki Okushi <huyuumi.dev@gmail.com>",
 ]
 description = "Protobuf payload extractor for Actix Web"
 keywords = ["actix", "web", "protobuf", "protocol", "rpc"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-extras.git"
+repository.workspace = true
+homepage.workspace = true
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
@ -19,10 +19,13 @@ all-features = true

 [dependencies]
 actix-web = { version = "4", default-features = false }
-derive_more = "0.99.7"
+derive_more = { version = "2", features = ["display"] }
 futures-util = { version = "0.3.17", default-features = false, features = ["std"] }
-prost = { version = "0.12", default-features = false }
+prost = { version = "0.13", default-features = false }

 [dev-dependencies]
 actix-web = { version = "4", default-features = false, features = ["macros"] }
-prost = { version = "0.12", default-features = false, features = ["prost-derive"] }
+prost = { version = "0.13", default-features = false, features = ["prost-derive"] }
+
+[lints]
+workspace = true
--- a/actix-protobuf/README.md
+++ b/actix-protobuf/README.md
@ -2,10 +2,14 @@

 > Protobuf payload extractor for Actix Web.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-protobuf?label=latest)](https://crates.io/crates/actix-protobuf)
-[![Documentation](https://docs.rs/actix-protobuf/badge.svg?version=0.10.0)](https://docs.rs/actix-protobuf/0.10.0)
+[![Documentation](https://docs.rs/actix-protobuf/badge.svg?version=0.11.0)](https://docs.rs/actix-protobuf/0.11.0)
 ![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-protobuf)
-[![Dependency Status](https://deps.rs/crate/actix-protobuf/0.10.0/status.svg)](https://deps.rs/crate/actix-protobuf/0.10.0)
+[![Dependency Status](https://deps.rs/crate/actix-protobuf/0.11.0/status.svg)](https://deps.rs/crate/actix-protobuf/0.11.0)
+
+<!-- prettier-ignore-end -->

 ## Documentation & Resources

--- a/actix-protobuf/src/lib.rs
+++ b/actix-protobuf/src/lib.rs
@ -1,8 +1,6 @@
 //! Protobuf payload extractor for Actix Web.

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
-#![warn(future_incompatible)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -24,7 +22,7 @@ use actix_web::{
    Error, FromRequest, HttpMessage, HttpRequest, HttpResponse, HttpResponseBuilder, Responder,
    ResponseError,
 };
-use derive_more::Display;
+use derive_more::derive::Display;
 use futures_util::{
    future::{FutureExt as _, LocalBoxFuture},
    stream::StreamExt as _,
@ -34,26 +32,28 @@ use prost::{DecodeError as ProtoBufDecodeError, EncodeError as ProtoBufEncodeErr
 #[derive(Debug, Display)]
 pub enum ProtoBufPayloadError {
    /// Payload size is bigger than 256k
-    #[display(fmt = "Payload size is bigger than 256k")]
+    #[display("Payload size is bigger than 256k")]
    Overflow,

    /// Content type error
-    #[display(fmt = "Content type error")]
+    #[display("Content type error")]
    ContentType,

    /// Serialize error
-    #[display(fmt = "ProtoBuf serialize error: {_0}")]
+    #[display("ProtoBuf serialize error: {_0}")]
    Serialize(ProtoBufEncodeError),

    /// Deserialize error
-    #[display(fmt = "ProtoBuf deserialize error: {_0}")]
+    #[display("ProtoBuf deserialize error: {_0}")]
    Deserialize(ProtoBufDecodeError),

    /// Payload error
-    #[display(fmt = "Error that occur during reading payload: {_0}")]
+    #[display("Error that occur during reading payload: {_0}")]
    Payload(PayloadError),
 }

+// TODO: impl error for ProtoBufPayloadError
+
 impl ResponseError for ProtoBufPayloadError {
    fn error_response(&self) -> HttpResponse {
        match *self {
--- a/actix-redis/CHANGES.md
+++ b/actix-redis/CHANGES.md
@ -1,159 +0,0 @@
-# Changes
-
-## Unreleased
-
-## 0.13.0
-
- Update `redis-async` dependency to `0.16`.
- Minimum supported Rust version (MSRV) is now 1.68.
-
-## 0.12.0
-
- Update `actix` dependency to `0.13`.
- Update `redis-async` dependency to `0.13`.
- Update `tokio-util` dependency to `0.7`.
- Minimum supported Rust version (MSRV) is now 1.57 due to transitive `time` dependency.
-
-## 0.11.0
-
-### Removed
-
- `RedisSession` has been removed. Check out `RedisActorSessionStore` in `actix-session` for a session store backed by Redis using `actix-redis`. [#212]
-
-### Changed
-
- Update `redis-async` dependency to `0.12`. [#212]
-
-[#212]: https://github.com/actix/actix-extras/pull/212
-
-## 0.10.0
-
- Update `actix-web` dependency to `4`.
-
-## 0.10.0-beta.6
-
- Update `actix-web` dependency to `4.0.0-rc.1`.
-
-## 0.10.0-beta.5
-
- Update `actix-web` dependency to `4.0.0.beta-18`. [#218]
- Minimum supported Rust version (MSRV) is now 1.54.
-
-[#218]: https://github.com/actix/actix-extras/pull/218
-
-## 0.10.0-beta.4
-
- A session will be created in Redis if and only if there is some data inside the session state. This reduces the performance impact of `RedisSession` on routes that do not leverage sessions. [#207]
- Update `actix-web` dependency to `4.0.0.beta-14`. [#209]
-
-[#207]: https://github.com/actix/actix-extras/pull/207
-[#209]: https://github.com/actix/actix-extras/pull/209
-
-## 0.10.0-beta.3
-
- Update `actix-web` dependency to v4.0.0-beta.10. [#203]
- Minimum supported Rust version (MSRV) is now 1.52.
-
-[#203]: https://github.com/actix/actix-extras/pull/203
-
-## 0.10.0-beta.2
-
- No notable changes.
-
-## 0.10.0-beta.1
-
- Update `actix-web` dependency to 4.0.0 beta.
- Minimum supported Rust version (MSRV) is now 1.46.0.
-
-## 0.9.2
-
- Implement `std::error::Error` for `Error` [#135]
- Allow the removal of `Max-Age` for session-only cookies. [#161]
-
-[#135]: https://github.com/actix/actix-extras/pull/135
-[#161]: https://github.com/actix/actix-extras/pull/161
-
-## 0.9.1
-
- Enforce minimum redis-async version of 0.6.3 to workaround breaking patch change.
-
-## 0.9.0
-
- Update `actix-web` dependency to 3.0.0.
- Minimize `futures` dependency.
-
-## 0.9.0-alpha.2
-
- Add `cookie_http_only` functionality to RedisSession builder, setting this
-  to false allows JavaScript to access cookies. Defaults to true.
- Change type of parameter of ttl method to u32.
- Update `actix` to 0.10.0-alpha.3
- Update `tokio-util` to 0.3
- Minimum supported Rust version(MSRV) is now 1.40.0.
-
-## 0.9.0-alpha.1
-
- Update `actix` to 0.10.0-alpha.2
- Update `actix-session` to 0.4.0-alpha.1
- Update `actix-web` to 3.0.0-alpha.1
- Update `time` to 0.2.9
-
-## 0.8.1
-
- Move `env_logger` dependency to dev-dependencies and update to 0.7
- Update `actix_web` to 2.0.0 from 2.0.0-rc
- Move repository to actix-extras
-
-## 0.8.0 - 2019-12-20
-
- Release
-
-## 0.8.0-alpha.1 - 2019-12-16
-
- Migrate to actix 0.9
-
-## 0.7.0 - 2019-09-25
-
- added cache_keygen functionality to RedisSession builder, enabling support for
-  customizable cache key creation
-
-## 0.6.1 - 2019-07-19
-
- remove ClonableService usage
- added comprehensive tests for session workflow
-
-## 0.6.0 - 2019-07-08
-
- actix-web 1.0.0 compatibility
- Upgraded logic that evaluates session state, including new SessionStatus field,
-  and introduced `session.renew()` and `session.purge()` functionality.
-  Use `renew()` to cycle the session key at successful login. `renew()` keeps a
-  session's state while replacing the old cookie and session key with new ones.
-  Use `purge()` at logout to invalidate the session cookie and remove the
-  session's redis cache entry.
-
-## 0.5.1 - 2018-08-02
-
- Use cookie 0.11
-
-## 0.5.0 - 2018-07-21
-
- Session cookie configuration
- Actix/Actix-web 0.7 compatibility
-
-## 0.4.0 - 2018-05-08
-
- Actix web 0.6 compatibility
-
-## 0.3.0 - 2018-04-10
-
- Actix web 0.5 compatibility
-
-## 0.2.0 - 2018-02-28
-
- Use resolver actor from actix
- Use actix web 0.5
-
-## 0.1.0 - 2018-01-23
-
- First release
--- a/actix-redis/Cargo.toml
+++ b/actix-redis/Cargo.toml
@ -1,48 +0,0 @@
-[package]
-name = "actix-redis"
-version = "0.13.0"
-authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
-description = "Actor-based Redis client"
-keywords = ["actix", "redis", "async"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-extras.git"
-categories = ["network-programming", "asynchronous"]
-license.workspace = true
-edition.workspace = true
-rust-version.workspace = true
-
-[package.metadata.docs.rs]
-rustdoc-args = ["--cfg", "docsrs"]
-all-features = true
-
-[lib]
-name = "actix_redis"
-path = "src/lib.rs"
-
-[features]
-default = ["web"]
-
-# actix-web integration
-web = ["actix-web"]
-
-[dependencies]
-actix = { version = "0.13", default-features = false }
-actix-rt = { version = "2.1", default-features = false }
-actix-service = "2"
-actix-tls = { version = "3", default-features = false, features = ["connect"] }
-
-log = "0.4.6"
-backoff = "0.4.0"
-derive_more = "0.99.7"
-futures-core = { version = "0.3.7", default-features = false }
-redis-async = "0.16"
-time = "0.3"
-tokio = { version = "1.18.4", features = ["sync"] }
-tokio-util = "0.7"
-actix-web = { version = "4", default-features = false, optional = true }
-
-[dev-dependencies]
-actix-test = "0.1.0-beta.12"
-actix-web = { version = "4", default-features = false, features = ["macros"] }
-env_logger = "0.10"
-serde = { version = "1.0.101", features = ["derive"] }
--- a/actix-redis/README.md
+++ b/actix-redis/README.md
@ -1,14 +0,0 @@
-# actix-redis
-
-> Actor-based Redis client.
-
-[![crates.io](https://img.shields.io/crates/v/actix-redis?label=latest)](https://crates.io/crates/actix-redis)
-[![Documentation](https://docs.rs/actix-redis/badge.svg?version=0.13.0)](https://docs.rs/actix-redis/0.13.0)
-![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-redis)
-[![Dependency Status](https://deps.rs/crate/actix-redis/0.13.0/status.svg)](https://deps.rs/crate/actix-redis/0.13.0)
-
-## Documentation & Resources
-
- [API Documentation](https://docs.rs/actix-redis)
- [Example Project](https://github.com/actix/examples/tree/master/auth/redis-session)
- Minimum Supported Rust Version (MSRV): 1.57
--- a/actix-redis/src/lib.rs
+++ b/actix-redis/src/lib.rs
@ -1,32 +0,0 @@
-//! Redis integration for `actix`.
-
-#![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
-#![warn(future_incompatible)]
-#![doc(html_logo_url = "https://actix.rs/img/logo.png")]
-#![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
-
-use derive_more::{Display, Error, From};
-pub use redis_async::{error::Error as RespError, resp::RespValue, resp_array};
-
-mod redis;
-pub use self::redis::{Command, RedisActor};
-
-/// General purpose `actix-redis` error.
-#[derive(Debug, Display, Error, From)]
-pub enum Error {
-    #[display(fmt = "Redis error: {_0}")]
-    Redis(redis_async::error::Error),
-
-    /// Receiving message during reconnecting.
-    #[display(fmt = "Redis: Not connected")]
-    NotConnected,
-
-    /// Cancel all waiters when connection is dropped.
-    #[display(fmt = "Redis: Disconnected")]
-    Disconnected,
-}
-
-#[cfg(feature = "web")]
-impl actix_web::ResponseError for Error {}
--- a/actix-redis/src/redis.rs
+++ b/actix-redis/src/redis.rs
@ -1,143 +0,0 @@
-use std::{collections::VecDeque, io};
-
-use actix::prelude::*;
-use actix_rt::net::TcpStream;
-use actix_service::boxed::{self, BoxService};
-use actix_tls::connect::{ConnectError, ConnectInfo, Connection, ConnectorService};
-use backoff::{backoff::Backoff, ExponentialBackoff};
-use log::{error, info, warn};
-use redis_async::{
-    error::Error as RespError,
-    resp::{RespCodec, RespValue},
-};
-use tokio::{
-    io::{split, WriteHalf},
-    sync::oneshot,
-};
-use tokio_util::codec::FramedRead;
-
-use crate::Error;
-
-/// Command for sending data to Redis.
-#[derive(Debug)]
-pub struct Command(pub RespValue);
-
-impl Message for Command {
-    type Result = Result<RespValue, Error>;
-}
-
-/// Redis communication actor.
-pub struct RedisActor {
-    addr: String,
-    connector: BoxService<ConnectInfo<String>, Connection<String, TcpStream>, ConnectError>,
-    backoff: ExponentialBackoff,
-    cell: Option<actix::io::FramedWrite<RespValue, WriteHalf<TcpStream>, RespCodec>>,
-    queue: VecDeque<oneshot::Sender<Result<RespValue, Error>>>,
-}
-
-impl RedisActor {
-    /// Start new `Supervisor` with `RedisActor`.
-    pub fn start<S: Into<String>>(addr: S) -> Addr<RedisActor> {
-        let addr = addr.into();
-
-        let backoff = ExponentialBackoff {
-            max_elapsed_time: None,
-            ..Default::default()
-        };
-
-        Supervisor::start(|_| RedisActor {
-            addr,
-            connector: boxed::service(ConnectorService::default()),
-            cell: None,
-            backoff,
-            queue: VecDeque::new(),
-        })
-    }
-}
-
-impl Actor for RedisActor {
-    type Context = Context<Self>;
-
-    fn started(&mut self, ctx: &mut Context<Self>) {
-        let req = ConnectInfo::new(self.addr.to_owned());
-        self.connector
-            .call(req)
-            .into_actor(self)
-            .map(|res, act, ctx| match res {
-                Ok(conn) => {
-                    let stream = conn.into_parts().0;
-                    info!("Connected to redis server: {}", act.addr);
-
-                    let (r, w) = split(stream);
-
-                    // configure write side of the connection
-                    let framed = actix::io::FramedWrite::new(w, RespCodec, ctx);
-                    act.cell = Some(framed);
-
-                    // read side of the connection
-                    ctx.add_stream(FramedRead::new(r, RespCodec));
-
-                    act.backoff.reset();
-                }
-                Err(err) => {
-                    error!("Can not connect to redis server: {}", err);
-                    // re-connect with backoff time.
-                    // we stop current context, supervisor will restart it.
-                    if let Some(timeout) = act.backoff.next_backoff() {
-                        ctx.run_later(timeout, |_, ctx| ctx.stop());
-                    }
-                }
-            })
-            .wait(ctx);
-    }
-}
-
-impl Supervised for RedisActor {
-    fn restarting(&mut self, _: &mut Self::Context) {
-        self.cell.take();
-        for tx in self.queue.drain(..) {
-            let _ = tx.send(Err(Error::Disconnected));
-        }
-    }
-}
-
-impl actix::io::WriteHandler<io::Error> for RedisActor {
-    fn error(&mut self, err: io::Error, _: &mut Self::Context) -> Running {
-        warn!("Redis connection dropped: {} error: {}", self.addr, err);
-        Running::Stop
-    }
-}
-
-impl StreamHandler<Result<RespValue, RespError>> for RedisActor {
-    fn handle(&mut self, msg: Result<RespValue, RespError>, ctx: &mut Self::Context) {
-        match msg {
-            Err(e) => {
-                if let Some(tx) = self.queue.pop_front() {
-                    let _ = tx.send(Err(e.into()));
-                }
-                ctx.stop();
-            }
-            Ok(val) => {
-                if let Some(tx) = self.queue.pop_front() {
-                    let _ = tx.send(Ok(val));
-                }
-            }
-        }
-    }
-}
-
-impl Handler<Command> for RedisActor {
-    type Result = ResponseFuture<Result<RespValue, Error>>;
-
-    fn handle(&mut self, msg: Command, _: &mut Self::Context) -> Self::Result {
-        let (tx, rx) = oneshot::channel();
-        if let Some(ref mut cell) = self.cell {
-            self.queue.push_back(tx);
-            cell.write(msg.0);
-        } else {
-            let _ = tx.send(Err(Error::NotConnected));
-        }
-
-        Box::pin(async move { rx.await.map_err(|_| Error::Disconnected)? })
-    }
-}
--- a/actix-redis/tests/test_redis.rs
+++ b/actix-redis/tests/test_redis.rs
@ -1,42 +0,0 @@
-#[macro_use]
-extern crate redis_async;
-
-use actix_redis::{Command, Error, RedisActor, RespValue};
-
-#[actix_web::test]
-async fn test_error_connect() {
-    let addr = RedisActor::start("localhost:54000");
-    let _addr2 = addr.clone();
-
-    let res = addr.send(Command(resp_array!["GET", "test"])).await;
-    match res {
-        Ok(Err(Error::NotConnected)) => (),
-        _ => panic!("Should not happen {:?}", res),
-    }
-}
-
-#[actix_web::test]
-async fn test_redis() {
-    env_logger::init();
-
-    let addr = RedisActor::start("127.0.0.1:6379");
-    let res = addr
-        .send(Command(resp_array!["SET", "test", "value"]))
-        .await;
-
-    match res {
-        Ok(Ok(resp)) => {
-            assert_eq!(resp, RespValue::SimpleString("OK".to_owned()));
-
-            let res = addr.send(Command(resp_array!["GET", "test"])).await;
-            match res {
-                Ok(Ok(resp)) => {
-                    println!("RESP: {resp:?}");
-                    assert_eq!(resp, RespValue::BulkString((&b"value"[..]).into()));
-                }
-                _ => panic!("Should not happen {:?}", res),
-            }
-        }
-        _ => panic!("Should not happen {:?}", res),
-    }
-}
--- a/actix-session/CHANGES.md
+++ b/actix-session/CHANGES.md
@ -2,6 +2,29 @@

 ## Unreleased

+- Add `Session::contains_key` method.
+- Add `Session::update[_or]()` methods.
+- Update `redis` dependency to `0.29`.
+
+## 0.10.1
+
+- Expose `storage::generate_session_key()` without needing to enable a crate feature.
+
+## 0.10.0
+
+- Add `redis-session-rustls` crate feature that enables `rustls`-secured Redis sessions.
+- Add `redis-pool` crate feature (off-by-default) which enables `RedisSessionStore::{new, builder}_pooled()` constructors.
+- Rename `redis-rs-session` crate feature to `redis-session`.
+- Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`.
+- Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend).
+- Expose `storage::generate_session_key()`.
+- Update `redis` dependency to `0.26`.
+
+## 0.9.0
+
+- Remove use of `async-trait` on `SessionStore` trait.
+- Minimum supported Rust version (MSRV) is now 1.75.
+
 ## 0.8.0

 - Set secure attribute when adding a session removal cookie.
@ -172,10 +195,7 @@

 ## 0.2.0 - 2019-07-08

- Enhanced `actix-session` to facilitate state changes. Use `Session.renew()`
-  at successful login to cycle a session (new key/cookie but keeps state).
-  Use `Session.purge()` at logout to invalid a session cookie (and remove
-  from redis cache, if applicable).
+- Enhanced `actix-session` to facilitate state changes. Use `Session.renew()` at successful login to cycle a session (new key/cookie but keeps state). Use `Session.purge()` at logout to invalid a session cookie (and remove from redis cache, if applicable).

 ## 0.1.1 - 2019-06-03

--- a/actix-session/Cargo.toml
+++ b/actix-session/Cargo.toml
@ -1,14 +1,14 @@
 [package]
 name = "actix-session"
-version = "0.8.0"
+version = "0.10.1"
 authors = [
  "Nikolay Kim <fafhrd91@gmail.com>",
  "Luca Palmieri <rust@lpalmieri.com>",
 ]
 description = "Session management for Actix Web"
 keywords = ["http", "web", "framework", "async", "session"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-extras.git"
+repository.workspace = true
+homepage.workspace = true
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
@ -20,9 +20,10 @@ all-features = true
 [features]
 default = []
 cookie-session = []
-redis-actor-session = ["actix-redis", "actix", "futures-core", "rand"]
-redis-rs-session = ["redis", "rand"]
-redis-rs-tls-session = ["redis-rs-session", "redis/tokio-native-tls-comp"]
+redis-session = ["dep:redis"]
+redis-session-native-tls = ["redis-session", "redis/tokio-native-tls-comp"]
+redis-session-rustls = ["redis-session", "redis/tokio-rustls-comp"]
+redis-pool = ["dep:deadpool-redis"]

 [dependencies]
 actix-service = "2"
@ -30,32 +31,30 @@ actix-utils = "3"
 actix-web = { version = "4", default-features = false, features = ["cookies", "secure-cookies"] }

 anyhow = "1"
-async-trait = "0.1"
-derive_more = "0.99.7"
-rand = { version = "0.8", optional = true }
+derive_more = { version = "2", features = ["display", "error", "from"] }
+rand = "0.9"
 serde = { version = "1" }
 serde_json = { version = "1" }
 tracing = { version = "0.1.30", default-features = false, features = ["log"] }

-# redis-actor-session
-actix = { version = "0.13", default-features = false, optional = true }
-actix-redis = { version = "0.12", optional = true }
-futures-core = { version = "0.3.7", default-features = false, optional = true }
-
-# redis-rs-session
-redis = { version = "0.23", default-features = false, features = ["tokio-comp", "connection-manager"], optional = true }
+# redis-session
+redis = { version = "0.29", default-features = false, features = ["tokio-comp", "connection-manager"], optional = true }
+deadpool-redis = { version = "0.20", optional = true }

 [dev-dependencies]
-actix-session = { path = ".", features = ["cookie-session", "redis-actor-session", "redis-rs-session"] }
-actix-test = "0.1.0-beta.10"
+actix-session = { path = ".", features = ["cookie-session", "redis-session"] }
+actix-test = "0.1"
 actix-web = { version = "4", default-features = false, features = ["cookies", "secure-cookies", "macros"] }
-env_logger = "0.10"
-log = "0.4"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+tracing = "0.1.30"
+
+[lints]
+workspace = true

 [[example]]
 name = "basic"
-required-features = ["redis-actor-session"]
+required-features = ["redis-session"]

 [[example]]
 name = "authentication"
-required-features = ["redis-actor-session"]
+required-features = ["redis-session"]
--- a/actix-session/README.md
+++ b/actix-session/README.md
@ -2,13 +2,124 @@

 > Session management for Actix Web.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-session?label=latest)](https://crates.io/crates/actix-session)
-[![Documentation](https://docs.rs/actix-session/badge.svg?version=0.8.0)](https://docs.rs/actix-session/0.8.0)
+[![Documentation](https://docs.rs/actix-session/badge.svg?version=0.10.1)](https://docs.rs/actix-session/0.10.1)
 ![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-session)
-[![Dependency Status](https://deps.rs/crate/actix-session/0.8.0/status.svg)](https://deps.rs/crate/actix-session/0.8.0)
+[![Dependency Status](https://deps.rs/crate/actix-session/0.10.1/status.svg)](https://deps.rs/crate/actix-session/0.10.1)

-## Documentation & Resources
+<!-- prettier-ignore-end -->

- [API Documentation](https://docs.rs/actix-session)
- [Example Projects](https://github.com/actix/examples/tree/master/auth/cookie-session)
- Minimum Supported Rust Version (MSRV): 1.57
+<!-- cargo-rdme start -->
+
+Session management for Actix Web.
+
+The HTTP protocol, at a first glance, is stateless: the client sends a request, the server parses its content, performs some processing and returns a response. The outcome is only influenced by the provided inputs (i.e. the request content) and whatever state the server queries while performing its processing.
+
+Stateless systems are easier to reason about, but they are not quite as powerful as we need them to be - e.g. how do you authenticate a user? The user would be forced to authenticate **for every single request**. That is, for example, how 'Basic' Authentication works. While it may work for a machine user (i.e. an API client), it is impractical for a person—you do not want a login prompt on every single page you navigate to!
+
+There is a solution - **sessions**. Using sessions the server can attach state to a set of requests coming from the same client. They are built on top of cookies - the server sets a cookie in the HTTP response (`Set-Cookie` header), the client (e.g. the browser) will store the cookie and play it back to the server when sending new requests (using the `Cookie` header).
+
+We refer to the cookie used for sessions as a **session cookie**. Its content is called **session key** (or **session ID**), while the state attached to the session is referred to as **session state**.
+
+`actix-session` provides an easy-to-use framework to manage sessions in applications built on top of Actix Web. [`SessionMiddleware`] is the middleware underpinning the functionality provided by `actix-session`; it takes care of all the session cookie handling and instructs the **storage backend** to create/delete/update the session state based on the operations performed against the active [`Session`].
+
+`actix-session` provides some built-in storage backends: ([`CookieSessionStore`], [`RedisSessionStore`]) - you can create a custom storage backend by implementing the [`SessionStore`] trait.
+
+Further reading on sessions:
+
+- [RFC 6265](https://datatracker.ietf.org/doc/html/rfc6265);
+- [OWASP's session management cheat-sheet](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html).
+
+## Getting started
+
+To start using sessions in your Actix Web application you must register [`SessionMiddleware`] as a middleware on your `App`:
+
+```rust
+use actix_web::{web, App, HttpServer, HttpResponse, Error};
+use actix_session::{Session, SessionMiddleware, storage::RedisSessionStore};
+use actix_web::cookie::Key;
+
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    // When using `Key::generate()` it is important to initialize outside of the
+    // `HttpServer::new` closure. When deployed the secret key should be read from a
+    // configuration file or environment variables.
+    let secret_key = Key::generate();
+
+    let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
+        .await
+        .unwrap();
+
+    HttpServer::new(move ||
+            App::new()
+            // Add session management to your application using Redis for session state storage
+            .wrap(
+                SessionMiddleware::new(
+                    redis_store.clone(),
+                    secret_key.clone(),
+                )
+            )
+            .default_service(web::to(|| HttpResponse::Ok())))
+        .bind(("127.0.0.1", 8080))?
+        .run()
+        .await
+}
+```
+
+The session state can be accessed and modified by your request handlers using the [`Session`] extractor. Note that this doesn't work in the stream of a streaming response.
+
+```rust
+use actix_web::Error;
+use actix_session::Session;
+
+fn index(session: Session) -> Result<&'static str, Error> {
+    // access the session state
+    if let Some(count) = session.get::<i32>("counter")? {
+        println!("SESSION value: {}", count);
+        // modify the session state
+        session.insert("counter", count + 1)?;
+    } else {
+        session.insert("counter", 1)?;
+    }
+
+    Ok("Welcome!")
+}
+```
+
+## Choosing A Backend
+
+By default, `actix-session` does not provide any storage backend to retrieve and save the state attached to your sessions. You can enable:
+
+- a purely cookie-based "backend", [`CookieSessionStore`], using the `cookie-session` feature flag.
+
+  ```console
+  cargo add actix-session --features=cookie-session
+  ```
+
+- a Redis-based backend via the [`redis`] crate, [`RedisSessionStore`], using the `redis-session` feature flag.
+
+  ```console
+  cargo add actix-session --features=redis-session
+  ```
+
+  Add the `redis-session-native-tls` feature flag if you want to connect to Redis using a secure connection (via the `native-tls` crate):
+
+  ```console
+  cargo add actix-session --features=redis-session-native-tls
+  ```
+
+  If you, instead, prefer depending on `rustls`, use the `redis-session-rustls` feature flag:
+
+  ```console
+  cargo add actix-session --features=redis-session-rustls
+  ```
+
+You can implement your own session storage backend using the [`SessionStore`] trait.
+
+[`SessionStore`]: storage::SessionStore
+[`CookieSessionStore`]: storage::CookieSessionStore
+[`RedisSessionStore`]: storage::RedisSessionStore
+
+<!-- cargo-rdme end -->
--- a/actix-session/examples/authentication.rs
+++ b/actix-session/examples/authentication.rs
@ -1,10 +1,12 @@
-use actix_session::{storage::RedisActorSessionStore, Session, SessionMiddleware};
+use actix_session::{storage::RedisSessionStore, Session, SessionMiddleware};
 use actix_web::{
    cookie::{Key, SameSite},
    error::InternalError,
    middleware, web, App, Error, HttpResponse, HttpServer, Responder,
 };
 use serde::{Deserialize, Serialize};
+use tracing::level_filters::LevelFilter;
+use tracing_subscriber::EnvFilter;

 #[derive(Deserialize)]
 struct Credentials {
@ -71,12 +73,21 @@ async fn secret(session: Session) -> Result<impl Responder, Error> {

 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
-    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            EnvFilter::builder()
+                .with_default_directive(LevelFilter::INFO.into())
+                .from_env_lossy(),
+        )
+        .init();

    // The signing key would usually be read from a configuration file/environment variables.
    let signing_key = Key::generate();

-    log::info!("starting HTTP server at http://localhost:8080");
+    tracing::info!("setting up Redis session storage");
+    let storage = RedisSessionStore::new("127.0.0.1:6379").await.unwrap();
+
+    tracing::info!("starting HTTP server at http://localhost:8080");

    HttpServer::new(move || {
        App::new()
@ -84,15 +95,12 @@ async fn main() -> std::io::Result<()> {
            .wrap(middleware::Logger::default())
            // cookie session middleware
            .wrap(
-                SessionMiddleware::builder(
-                    RedisActorSessionStore::new("127.0.0.1:6379"),
-                    signing_key.clone(),
-                )
-                // allow the cookie to be accessed from javascript
-                .cookie_http_only(false)
-                // allow the cookie only from the current domain
-                .cookie_same_site(SameSite::Strict)
-                .build(),
+                SessionMiddleware::builder(storage.clone(), signing_key.clone())
+                    // allow the cookie to be accessed from javascript
+                    .cookie_http_only(false)
+                    // allow the cookie only from the current domain
+                    .cookie_same_site(SameSite::Strict)
+                    .build(),
            )
            .route("/login", web::post().to(login))
            .route("/secret", web::get().to(secret))
--- a/actix-session/examples/basic.rs
+++ b/actix-session/examples/basic.rs
@ -1,5 +1,7 @@
-use actix_session::{storage::RedisActorSessionStore, Session, SessionMiddleware};
+use actix_session::{storage::RedisSessionStore, Session, SessionMiddleware};
 use actix_web::{cookie::Key, middleware, web, App, Error, HttpRequest, HttpServer, Responder};
+use tracing::level_filters::LevelFilter;
+use tracing_subscriber::EnvFilter;

 /// simple handler
 async fn index(req: HttpRequest, session: Session) -> Result<impl Responder, Error> {
@ -18,22 +20,28 @@ async fn index(req: HttpRequest, session: Session) -> Result<impl Responder, Err

 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
-    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            EnvFilter::builder()
+                .with_default_directive(LevelFilter::INFO.into())
+                .from_env_lossy(),
+        )
+        .init();

    // The signing key would usually be read from a configuration file/environment variables.
    let signing_key = Key::generate();

-    log::info!("starting HTTP server at http://localhost:8080");
+    tracing::info!("setting up Redis session storage");
+    let storage = RedisSessionStore::new("127.0.0.1:6379").await.unwrap();
+
+    tracing::info!("starting HTTP server at http://localhost:8080");

    HttpServer::new(move || {
        App::new()
            // enable logger
            .wrap(middleware::Logger::default())
            // cookie session middleware
-            .wrap(SessionMiddleware::new(
-                RedisActorSessionStore::new("127.0.0.1:6379"),
-                signing_key.clone(),
-            ))
+            .wrap(SessionMiddleware::new(storage.clone(), signing_key.clone()))
            // register simple route, handle all methods
            .service(web::resource("/").to(index))
    })
--- a/actix-session/src/config.rs
+++ b/actix-session/src/config.rs
@ -1,7 +1,7 @@
 //! Configuration options to tune the behaviour of [`SessionMiddleware`].

 use actix_web::cookie::{time::Duration, Key, SameSite};
-use derive_more::From;
+use derive_more::derive::From;

 use crate::{storage::SessionStore, SessionMiddleware};

@ -131,6 +131,7 @@ impl PersistentSession {
    ///
    /// A persistent session can live more than the specified TTL if the TTL is extended.
    /// See [`session_ttl_extension_policy`](Self::session_ttl_extension_policy) for more details.
+    #[doc(alias = "max_age", alias = "max age", alias = "expires")]
    pub fn session_ttl(mut self, session_ttl: Duration) -> Self {
        self.session_ttl = session_ttl;
        self
--- a/actix-session/src/lib.rs
+++ b/actix-session/src/lib.rs
@ -27,11 +27,11 @@
 //! against the active [`Session`].
 //!
 //! `actix-session` provides some built-in storage backends: ([`CookieSessionStore`],
-//! [`RedisSessionStore`], and [`RedisActorSessionStore`]) - you can create a custom storage backend
-//! by implementing the [`SessionStore`] trait.
+//! [`RedisSessionStore`]) - you can create a custom storage backend by implementing the
+//! [`SessionStore`] trait.
 //!
 //! Further reading on sessions:
-//! - [RFC6265](https://datatracker.ietf.org/doc/html/rfc6265);
+//! - [RFC 6265](https://datatracker.ietf.org/doc/html/rfc6265);
 //! - [OWASP's session management cheat-sheet](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html).
 //!
 //! # Getting started
@ -40,21 +40,27 @@
 //!
 //! ```no_run
 //! use actix_web::{web, App, HttpServer, HttpResponse, Error};
-//! use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
+//! use actix_session::{Session, SessionMiddleware, storage::RedisSessionStore};
 //! use actix_web::cookie::Key;
 //!
 //! #[actix_web::main]
 //! async fn main() -> std::io::Result<()> {
-//!     // The secret key would usually be read from a configuration file/environment variables.
+//!     // When using `Key::generate()` it is important to initialize outside of the
+//!     // `HttpServer::new` closure. When deployed the secret key should be read from a
+//!     // configuration file or environment variables.
 //!     let secret_key = Key::generate();
-//!     let redis_connection_string = "127.0.0.1:6379";
+//!
+//!     let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
+//!         .await
+//!         .unwrap();
+//!
 //!     HttpServer::new(move ||
 //!             App::new()
 //!             // Add session management to your application using Redis for session state storage
 //!             .wrap(
 //!                 SessionMiddleware::new(
-//!                     RedisActorSessionStore::new(redis_connection_string),
-//!                     secret_key.clone()
+//!                     redis_store.clone(),
+//!                     secret_key.clone(),
 //!                 )
 //!             )
 //!             .default_service(web::to(|| HttpResponse::Ok())))
@ -93,37 +99,28 @@
 //! - a purely cookie-based "backend", [`CookieSessionStore`], using the `cookie-session` feature
 //!   flag.
 //!
-//!   ```toml
-//!   [dependencies]
-//!   # ...
-//!   actix-session = { version = "...", features = ["cookie-session"] }
+//!   ```console
+//!   cargo add actix-session --features=cookie-session
 //!   ```
 //!
-//! - a Redis-based backend via [`actix-redis`](https://docs.rs/actix-redis),
-//!   [`RedisActorSessionStore`], using the `redis-actor-session` feature flag.
+//! - a Redis-based backend via the [`redis`] crate, [`RedisSessionStore`], using the
+//!   `redis-session` feature flag.
 //!
-//!   ```toml
-//!   [dependencies]
-//!   # ...
-//!   actix-session = { version = "...", features = ["redis-actor-session"] }
+//!   ```console
+//!   cargo add actix-session --features=redis-session
 //!   ```
 //!
-//! - a Redis-based backend via [`redis-rs`](https://docs.rs/redis-rs), [`RedisSessionStore`], using
-//!   the `redis-rs-session` feature flag.
+//!   Add the `redis-session-native-tls` feature flag if you want to connect to Redis using a secure
+//!   connection (via the `native-tls` crate):
 //!
-//!   ```toml
-//!   [dependencies]
-//!   # ...
-//!   actix-session = { version = "...", features = ["redis-rs-session"] }
+//!   ```console
+//!   cargo add actix-session --features=redis-session-native-tls
 //!   ```
 //!
-//!   Add the `redis-rs-tls-session` feature flag if you want to connect to Redis using a secured
-//!   connection:
+//!   If you, instead, prefer depending on `rustls`, use the `redis-session-rustls` feature flag:
 //!
-//!   ```toml
-//!   [dependencies]
-//!   # ...
-//!   actix-session = { version = "...", features = ["redis-rs-session", "redis-rs-tls-session"] }
+//!   ```console
+//!   cargo add actix-session --features=redis-session-rustls
 //!   ```
 //!
 //! You can implement your own session storage backend using the [`SessionStore`] trait.
@ -131,11 +128,9 @@
 //! [`SessionStore`]: storage::SessionStore
 //! [`CookieSessionStore`]: storage::CookieSessionStore
 //! [`RedisSessionStore`]: storage::RedisSessionStore
-//! [`RedisActorSessionStore`]: storage::RedisActorSessionStore

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
-#![warn(future_incompatible, missing_docs)]
+#![warn(missing_docs)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -153,6 +148,7 @@ pub use self::{
 };

 #[cfg(test)]
+#[allow(missing_docs)]
 pub mod test_helpers {
    use actix_web::cookie::Key;

--- a/actix-session/src/middleware.rs
+++ b/actix-session/src/middleware.rs
@ -1,4 +1,4 @@
-use std::{collections::HashMap, convert::TryInto, fmt, future::Future, pin::Pin, rc::Rc};
+use std::{collections::HashMap, fmt, future::Future, pin::Pin, rc::Rc};

 use actix_utils::future::{ready, Ready};
 use actix_web::{
@ -47,7 +47,7 @@ use crate::{
 /// # Examples
 /// ```no_run
 /// use actix_web::{web, App, HttpServer, HttpResponse, Error};
-/// use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
+/// use actix_session::{Session, SessionMiddleware, storage::RedisSessionStore};
 /// use actix_web::cookie::Key;
 ///
 /// // The secret key would usually be read from a configuration file/environment variables.
@ -59,20 +59,20 @@ use crate::{
 /// #[actix_web::main]
 /// async fn main() -> std::io::Result<()> {
 ///     let secret_key = get_secret_key();
-///     let redis_connection_string = "127.0.0.1:6379";
-///     HttpServer::new(move ||
-///             App::new()
-///             // Add session management to your application using Redis for session state storage
-///             .wrap(
-///                 SessionMiddleware::new(
-///                     RedisActorSessionStore::new(redis_connection_string),
-///                     secret_key.clone()
-///                 )
-///             )
-///             .default_service(web::to(|| HttpResponse::Ok())))
-///         .bind(("127.0.0.1", 8080))?
-///         .run()
-///         .await
+///     let storage = RedisSessionStore::new("127.0.0.1:6379").await.unwrap();
+///
+///     HttpServer::new(move || {
+///         App::new()
+///             // Add session management to your application using Redis as storage
+///             .wrap(SessionMiddleware::new(
+///                 storage.clone(),
+///                 secret_key.clone(),
+///             ))
+///             .default_service(web::to(|| HttpResponse::Ok()))
+///     })
+///     .bind(("127.0.0.1", 8080))?
+///     .run()
+///     .await
 /// }
 /// ```
 ///
@ -80,7 +80,7 @@ use crate::{
 ///
 /// ```no_run
 /// use actix_web::{App, cookie::{Key, time}, Error, HttpResponse, HttpServer, web};
-/// use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
+/// use actix_session::{Session, SessionMiddleware, storage::RedisSessionStore};
 /// use actix_session::config::PersistentSession;
 ///
 /// // The secret key would usually be read from a configuration file/environment variables.
@ -92,25 +92,23 @@ use crate::{
 /// #[actix_web::main]
 /// async fn main() -> std::io::Result<()> {
 ///     let secret_key = get_secret_key();
-///     let redis_connection_string = "127.0.0.1:6379";
-///     HttpServer::new(move ||
-///             App::new()
+///     let storage = RedisSessionStore::new("127.0.0.1:6379").await.unwrap();
+///
+///     HttpServer::new(move || {
+///         App::new()
 ///             // Customise session length!
 ///             .wrap(
-///                 SessionMiddleware::builder(
-///                     RedisActorSessionStore::new(redis_connection_string),
-///                     secret_key.clone()
-///                 )
-///                 .session_lifecycle(
-///                     PersistentSession::default()
-///                         .session_ttl(time::Duration::days(5))
-///                 )
-///                 .build(),
+///                 SessionMiddleware::builder(storage.clone(), secret_key.clone())
+///                     .session_lifecycle(
+///                         PersistentSession::default().session_ttl(time::Duration::days(5)),
+///                     )
+///                     .build(),
 ///             )
-///             .default_service(web::to(|| HttpResponse::Ok())))
-///         .bind(("127.0.0.1", 8080))?
-///         .run()
-///         .await
+///             .default_service(web::to(|| HttpResponse::Ok()))
+///     })
+///     .bind(("127.0.0.1", 8080))?
+///     .run()
+///     .await
 /// }
 /// ```
 #[derive(Clone)]
--- a/actix-session/src/session.rs
+++ b/actix-session/src/session.rs
@ -14,7 +14,7 @@ use actix_web::{
    FromRequest, HttpMessage, HttpRequest, HttpResponse, ResponseError,
 };
 use anyhow::Context;
-use derive_more::{Display, From};
+use derive_more::derive::{Display, From};
 use serde::{de::DeserializeOwned, Serialize};

 /// The primary interface to access and modify session state.
@ -33,6 +33,9 @@ use serde::{de::DeserializeOwned, Serialize};
 ///         session.insert("counter", 1)?;
 ///     }
 ///
+///     // or use the shorthand
+///     session.update_or("counter", 1, |count: i32| count + 1);
+///
 ///     Ok("Welcome!")
 /// }
 /// # actix_web::web::to(index);
@ -97,6 +100,11 @@ impl Session {
        }
    }

+    /// Returns `true` if the session contains a value for the specified `key`.
+    pub fn contains_key(&self, key: &str) -> bool {
+        self.0.borrow().state.contains_key(key)
+    }
+
    /// Get all raw key-value data from the session.
    ///
    /// Note that values are JSON encoded.
@ -114,7 +122,9 @@ impl Session {
    /// Any serializable value can be used and will be encoded as JSON in session data, hence why
    /// only a reference to the value is taken.
    ///
-    /// It returns an error if it fails to serialize `value` to JSON.
+    /// # Errors
+    ///
+    /// Returns an error if JSON serialization of `value` fails.
    pub fn insert<T: Serialize>(
        &self,
        key: impl Into<String>,
@ -132,9 +142,8 @@ impl Session {
                .with_context(|| {
                    format!(
                        "Failed to serialize the provided `{}` type instance as JSON in order to \
-                        attach as session data to the `{}` key",
+                        attach as session data to the `{key}` key",
                        std::any::type_name::<T>(),
-                        &key
                    )
                })
                .map_err(SessionInsertError)?;
@ -145,6 +154,83 @@ impl Session {
        Ok(())
    }

+    /// Updates a key-value pair into the session.
+    ///
+    /// If the key exists then update it to the new value and place it back in. If the key does not
+    /// exist it will not be updated.
+    ///
+    /// Any serializable value can be used and will be encoded as JSON in the session data, hence
+    /// why only a reference to the value is taken.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if JSON serialization of the value fails.
+    pub fn update<T: Serialize + DeserializeOwned, F>(
+        &self,
+        key: impl Into<String>,
+        updater: F,
+    ) -> Result<(), SessionUpdateError>
+    where
+        F: FnOnce(T) -> T,
+    {
+        let mut inner = self.0.borrow_mut();
+        let key_str = key.into();
+
+        if let Some(val_str) = inner.state.get(&key_str) {
+            let value = serde_json::from_str(val_str)
+                .with_context(|| {
+                    format!(
+                        "Failed to deserialize the JSON-encoded session data attached to key \
+                        `{key_str}` as a `{}` type",
+                        std::any::type_name::<T>()
+                    )
+                })
+                .map_err(SessionUpdateError)?;
+
+            let val = serde_json::to_string(&updater(value))
+                .with_context(|| {
+                    format!(
+                        "Failed to serialize the provided `{}` type instance as JSON in order to \
+                        attach as session data to the `{key_str}` key",
+                        std::any::type_name::<T>(),
+                    )
+                })
+                .map_err(SessionUpdateError)?;
+
+            inner.state.insert(key_str, val);
+        }
+
+        Ok(())
+    }
+
+    /// Updates a key-value pair into the session, or inserts a default value.
+    ///
+    /// If the key exists then update it to the new value and place it back in. If the key does not
+    /// exist the default value will be inserted instead.
+    ///
+    /// Any serializable value can be used and will be encoded as JSON in session data, hence why
+    /// only a reference to the value is taken.
+    ///
+    /// # Errors
+    ///
+    /// Returns error if JSON serialization of a value fails.
+    pub fn update_or<T: Serialize + DeserializeOwned, F>(
+        &self,
+        key: &str,
+        default_value: T,
+        updater: F,
+    ) -> Result<(), SessionUpdateError>
+    where
+        F: FnOnce(T) -> T,
+    {
+        if self.contains_key(key) {
+            self.update(key, updater)
+        } else {
+            self.insert(key, default_value)
+                .map_err(|err| SessionUpdateError(err.into()))
+        }
+    }
+
    /// Remove value from the session.
    ///
    /// If present, the JSON encoded value is returned.
@ -288,7 +374,7 @@ impl FromRequest for Session {

 /// Error returned by [`Session::get`].
 #[derive(Debug, Display, From)]
-#[display(fmt = "{_0}")]
+#[display("{_0}")]
 pub struct SessionGetError(anyhow::Error);

 impl StdError for SessionGetError {
@ -305,7 +391,7 @@ impl ResponseError for SessionGetError {

 /// Error returned by [`Session::insert`].
 #[derive(Debug, Display, From)]
-#[display(fmt = "{_0}")]
+#[display("{_0}")]
 pub struct SessionInsertError(anyhow::Error);

 impl StdError for SessionInsertError {
@ -319,3 +405,20 @@ impl ResponseError for SessionInsertError {
        HttpResponse::new(self.status_code())
    }
 }
+
+/// Error returned by [`Session::update`].
+#[derive(Debug, Display, From)]
+#[display("{_0}")]
+pub struct SessionUpdateError(anyhow::Error);
+
+impl StdError for SessionUpdateError {
+    fn source(&self) -> Option<&(dyn StdError + 'static)> {
+        Some(self.0.as_ref())
+    }
+}
+
+impl ResponseError for SessionUpdateError {
+    fn error_response(&self) -> HttpResponse<BoxBody> {
+        HttpResponse::new(self.status_code())
+    }
+}
--- a/actix-session/src/session_ext.rs
+++ b/actix-session/src/session_ext.rs
@ -31,7 +31,7 @@ impl SessionExt for ServiceResponse {
    }
 }

-impl<'a> SessionExt for GuardContext<'a> {
+impl SessionExt for GuardContext<'_> {
    fn get_session(&self) -> Session {
        Session::get_session(&mut self.req_data_mut())
    }
--- a/actix-session/src/storage/cookie.rs
+++ b/actix-session/src/storage/cookie.rs
@ -1,5 +1,3 @@
-use std::convert::TryInto;
-
 use actix_web::cookie::time::Duration;
 use anyhow::Error;

@ -51,7 +49,6 @@ use crate::storage::{
 #[non_exhaustive]
 pub struct CookieSessionStore;

-#[async_trait::async_trait(?Send)]
 impl SessionStore for CookieSessionStore {
    async fn load(&self, session_key: &SessionKey) -> Result<Option<SessionState>, LoadError> {
        serde_json::from_str(session_key.as_ref())
@ -69,10 +66,10 @@ impl SessionStore for CookieSessionStore {
            .map_err(anyhow::Error::new)
            .map_err(SaveError::Serialization)?;

-        Ok(session_key
+        session_key
            .try_into()
            .map_err(Into::into)
-            .map_err(SaveError::Other)?)
+            .map_err(SaveError::Other)
    }

    async fn update(
--- a/actix-session/src/storage/interface.rs
+++ b/actix-session/src/storage/interface.rs
@ -1,7 +1,7 @@
-use std::collections::HashMap;
+use std::{collections::HashMap, future::Future};

 use actix_web::cookie::time::Duration;
-use derive_more::Display;
+use derive_more::derive::Display;

 use super::SessionKey;

@ -10,41 +10,39 @@ pub(crate) type SessionState = HashMap<String, String>;
 /// The interface to retrieve and save the current session data from/to the chosen storage backend.
 ///
 /// You can provide your own custom session store backend by implementing this trait.
-///
-/// [`async-trait`](https://docs.rs/async-trait) is used for this trait's definition. Therefore, it
-/// is required for implementations, too. In particular, we use the send-optional variant:
-/// `#[async_trait(?Send)]`.
-#[async_trait::async_trait(?Send)]
 pub trait SessionStore {
    /// Loads the session state associated to a session key.
-    async fn load(&self, session_key: &SessionKey) -> Result<Option<SessionState>, LoadError>;
+    fn load(
+        &self,
+        session_key: &SessionKey,
+    ) -> impl Future<Output = Result<Option<SessionState>, LoadError>>;

    /// Persist the session state for a newly created session.
    ///
    /// Returns the corresponding session key.
-    async fn save(
+    fn save(
        &self,
        session_state: SessionState,
        ttl: &Duration,
-    ) -> Result<SessionKey, SaveError>;
+    ) -> impl Future<Output = Result<SessionKey, SaveError>>;

    /// Updates the session state associated to a pre-existing session key.
-    async fn update(
+    fn update(
        &self,
        session_key: SessionKey,
        session_state: SessionState,
        ttl: &Duration,
-    ) -> Result<SessionKey, UpdateError>;
+    ) -> impl Future<Output = Result<SessionKey, UpdateError>>;

    /// Updates the TTL of the session state associated to a pre-existing session key.
-    async fn update_ttl(
+    fn update_ttl(
        &self,
        session_key: &SessionKey,
        ttl: &Duration,
-    ) -> Result<(), anyhow::Error>;
+    ) -> impl Future<Output = Result<(), anyhow::Error>>;

    /// Deletes a session from the store.
-    async fn delete(&self, session_key: &SessionKey) -> Result<(), anyhow::Error>;
+    fn delete(&self, session_key: &SessionKey) -> impl Future<Output = Result<(), anyhow::Error>>;
 }

 // We cannot derive the `Error` implementation using `derive_more` for our custom errors:
@ -55,11 +53,11 @@ pub trait SessionStore {
 #[derive(Debug, Display)]
 pub enum LoadError {
    /// Failed to deserialize session state.
-    #[display(fmt = "Failed to deserialize session state")]
+    #[display("Failed to deserialize session state")]
    Deserialization(anyhow::Error),

    /// Something went wrong when retrieving the session state.
-    #[display(fmt = "Something went wrong when retrieving the session state")]
+    #[display("Something went wrong when retrieving the session state")]
    Other(anyhow::Error),
 }

@ -76,11 +74,11 @@ impl std::error::Error for LoadError {
 #[derive(Debug, Display)]
 pub enum SaveError {
    /// Failed to serialize session state.
-    #[display(fmt = "Failed to serialize session state")]
+    #[display("Failed to serialize session state")]
    Serialization(anyhow::Error),

    /// Something went wrong when persisting the session state.
-    #[display(fmt = "Something went wrong when persisting the session state")]
+    #[display("Something went wrong when persisting the session state")]
    Other(anyhow::Error),
 }

@ -97,11 +95,11 @@ impl std::error::Error for SaveError {
 /// Possible failures modes for [`SessionStore::update`].
 pub enum UpdateError {
    /// Failed to serialize session state.
-    #[display(fmt = "Failed to serialize session state")]
+    #[display("Failed to serialize session state")]
    Serialization(anyhow::Error),

    /// Something went wrong when updating the session state.
-    #[display(fmt = "Something went wrong when updating the session state.")]
+    #[display("Something went wrong when updating the session state.")]
    Other(anyhow::Error),
 }

--- a/actix-session/src/storage/mod.rs
+++ b/actix-session/src/storage/mod.rs
@ -1,28 +1,19 @@
 //! Pluggable storage backends for session state.

-mod interface;
-mod session_key;
-
-pub use self::{
-    interface::{LoadError, SaveError, SessionStore, UpdateError},
-    session_key::SessionKey,
-};
-
 #[cfg(feature = "cookie-session")]
 mod cookie;
-
-#[cfg(feature = "redis-actor-session")]
-mod redis_actor;
-
-#[cfg(feature = "redis-rs-session")]
+mod interface;
+#[cfg(feature = "redis-session")]
 mod redis_rs;
-
-#[cfg(any(feature = "redis-actor-session", feature = "redis-rs-session"))]
+mod session_key;
 mod utils;

 #[cfg(feature = "cookie-session")]
-pub use cookie::CookieSessionStore;
-#[cfg(feature = "redis-actor-session")]
-pub use redis_actor::{RedisActorSessionStore, RedisActorSessionStoreBuilder};
-#[cfg(feature = "redis-rs-session")]
-pub use redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
+pub use self::cookie::CookieSessionStore;
+#[cfg(feature = "redis-session")]
+pub use self::redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
+pub use self::{
+    interface::{LoadError, SaveError, SessionStore, UpdateError},
+    session_key::SessionKey,
+    utils::generate_session_key,
+};
--- a/actix-session/src/storage/redis_actor.rs
+++ b/actix-session/src/storage/redis_actor.rs
@ -118,7 +118,6 @@ impl RedisActorSessionStoreBuilder {
    }
 }

-#[async_trait::async_trait(?Send)]
 impl SessionStore for RedisActorSessionStore {
    async fn load(&self, session_key: &SessionKey) -> Result<Option<SessionState>, LoadError> {
        let cache_key = (self.configuration.cache_keygen)(session_key.as_ref());
@ -278,8 +277,6 @@ impl SessionStore for RedisActorSessionStore {
 mod tests {
    use std::collections::HashMap;

-    use actix_web::cookie::time::Duration;
-
    use super::*;
    use crate::test_helpers::acceptance_test_suite;

--- a/actix-session/src/storage/redis_rs.rs
+++ b/actix-session/src/storage/redis_rs.rs
@ -1,8 +1,8 @@
-use std::{convert::TryInto, sync::Arc};
+use std::sync::Arc;

 use actix_web::cookie::time::Duration;
-use anyhow::{Context, Error};
-use redis::{aio::ConnectionManager, AsyncCommands, Cmd, FromRedisValue, RedisResult, Value};
+use anyhow::Error;
+use redis::{aio::ConnectionManager, AsyncCommands, Client, Cmd, FromRedisValue, Value};

 use super::SessionKey;
 use crate::storage::{
@ -44,7 +44,7 @@ use crate::storage::{
 /// ```
 ///
 /// # TLS support
-/// Add the `redis-rs-tls-session` feature flag to enable TLS support. You can then establish a TLS
+/// Add the `redis-session-native-tls` or `redis-session-rustls` feature flag to enable TLS support. You can then establish a TLS
 /// connection to Redis using the `rediss://` URL scheme:
 ///
 /// ```no_run
@ -56,14 +56,38 @@ use crate::storage::{
 /// # })
 /// ```
 ///
-/// # Implementation notes
-/// `RedisSessionStore` leverages [`redis-rs`] as Redis client.
+/// # Pooled Redis Connections
 ///
-/// [`redis-rs`]: https://github.com/mitsuhiko/redis-rs
+/// When the `redis-pool` crate feature is enabled, a pre-existing pool from [`deadpool_redis`] can
+/// be provided.
+///
+/// ```no_run
+/// use actix_session::storage::RedisSessionStore;
+/// use deadpool_redis::{Config, Runtime};
+///
+/// let redis_cfg = Config::from_url("redis://127.0.0.1:6379");
+/// let redis_pool = redis_cfg.create_pool(Some(Runtime::Tokio1)).unwrap();
+///
+/// let store = RedisSessionStore::new_pooled(redis_pool);
+/// ```
+///
+/// # Implementation notes
+///
+/// `RedisSessionStore` leverages the [`redis`] crate as the underlying Redis client.
 #[derive(Clone)]
 pub struct RedisSessionStore {
    configuration: CacheConfiguration,
-    client: ConnectionManager,
+    client: RedisSessionConn,
+}
+
+#[derive(Clone)]
+enum RedisSessionConn {
+    /// Single connection.
+    Single(ConnectionManager),
+
+    /// Connection pool.
+    #[cfg(feature = "redis-pool")]
+    Pool(deadpool_redis::Pool),
 }

 #[derive(Clone)]
@ -80,34 +104,77 @@ impl Default for CacheConfiguration {
 }

 impl RedisSessionStore {
-    /// A fluent API to configure [`RedisSessionStore`].
-    /// It takes as input the only required input to create a new instance of [`RedisSessionStore`] - a
-    /// connection string for Redis.
-    pub fn builder<S: Into<String>>(connection_string: S) -> RedisSessionStoreBuilder {
+    /// Returns a fluent API builder to configure [`RedisSessionStore`].
+    ///
+    /// It takes as input the only required input to create a new instance of [`RedisSessionStore`]
+    /// - a connection string for Redis.
+    pub fn builder(connection_string: impl Into<String>) -> RedisSessionStoreBuilder {
        RedisSessionStoreBuilder {
            configuration: CacheConfiguration::default(),
-            connection_string: connection_string.into(),
+            conn_builder: RedisSessionConnBuilder::Single(connection_string.into()),
        }
    }

-    /// Create a new instance of [`RedisSessionStore`] using the default configuration.
-    /// It takes as input the only required input to create a new instance of [`RedisSessionStore`] - a
-    /// connection string for Redis.
-    pub async fn new<S: Into<String>>(
-        connection_string: S,
-    ) -> Result<RedisSessionStore, anyhow::Error> {
+    /// Returns a fluent API builder to configure [`RedisSessionStore`].
+    ///
+    /// It takes as input the only required input to create a new instance of [`RedisSessionStore`]
+    /// - a pool object for Redis.
+    #[cfg(feature = "redis-pool")]
+    pub fn builder_pooled(pool: impl Into<deadpool_redis::Pool>) -> RedisSessionStoreBuilder {
+        RedisSessionStoreBuilder {
+            configuration: CacheConfiguration::default(),
+            conn_builder: RedisSessionConnBuilder::Pool(pool.into()),
+        }
+    }
+
+    /// Creates a new instance of [`RedisSessionStore`] using the default configuration.
+    ///
+    /// It takes as input the only required input to create a new instance of [`RedisSessionStore`]
+    /// - a connection string for Redis.
+    pub async fn new(connection_string: impl Into<String>) -> Result<RedisSessionStore, Error> {
        Self::builder(connection_string).build().await
    }
+
+    /// Creates a new instance of [`RedisSessionStore`] using the default configuration.
+    ///
+    /// It takes as input the only required input to create a new instance of [`RedisSessionStore`]
+    /// - a pool object for Redis.
+    #[cfg(feature = "redis-pool")]
+    pub async fn new_pooled(
+        pool: impl Into<deadpool_redis::Pool>,
+    ) -> anyhow::Result<RedisSessionStore> {
+        Self::builder_pooled(pool).build().await
+    }
 }

 /// A fluent builder to construct a [`RedisSessionStore`] instance with custom configuration
 /// parameters.
-///
-/// [`RedisSessionStore`]: crate::storage::RedisSessionStore
 #[must_use]
 pub struct RedisSessionStoreBuilder {
-    connection_string: String,
    configuration: CacheConfiguration,
+    conn_builder: RedisSessionConnBuilder,
+}
+
+enum RedisSessionConnBuilder {
+    /// Single connection string.
+    Single(String),
+
+    /// Pre-built connection pool.
+    #[cfg(feature = "redis-pool")]
+    Pool(deadpool_redis::Pool),
+}
+
+impl RedisSessionConnBuilder {
+    async fn into_client(self) -> anyhow::Result<RedisSessionConn> {
+        Ok(match self {
+            RedisSessionConnBuilder::Single(conn_string) => {
+                RedisSessionConn::Single(ConnectionManager::new(Client::open(conn_string)?).await?)
+            }
+
+            #[cfg(feature = "redis-pool")]
+            RedisSessionConnBuilder::Pool(pool) => RedisSessionConn::Pool(pool),
+        })
+    }
 }

 impl RedisSessionStoreBuilder {
@ -120,11 +187,10 @@ impl RedisSessionStoreBuilder {
        self
    }

-    /// Finalise the builder and return a [`RedisActorSessionStore`] instance.
-    ///
-    /// [`RedisActorSessionStore`]: crate::storage::RedisActorSessionStore
-    pub async fn build(self) -> Result<RedisSessionStore, anyhow::Error> {
-        let client = ConnectionManager::new(redis::Client::open(self.connection_string)?).await?;
+    /// Finalises builder and returns a [`RedisSessionStore`] instance.
+    pub async fn build(self) -> anyhow::Result<RedisSessionStore> {
+        let client = self.conn_builder.into_client().await?;
+
        Ok(RedisSessionStore {
            configuration: self.configuration,
            client,
@ -132,7 +198,6 @@ impl RedisSessionStoreBuilder {
    }
 }

-#[async_trait::async_trait(?Send)]
 impl SessionStore for RedisSessionStore {
    async fn load(&self, session_key: &SessionKey) -> Result<Option<SessionState>, LoadError> {
        let cache_key = (self.configuration.cache_keygen)(session_key.as_ref());
@ -140,7 +205,6 @@ impl SessionStore for RedisSessionStore {
        let value: Option<String> = self
            .execute_command(redis::cmd("GET").arg(&[&cache_key]))
            .await
-            .map_err(Into::into)
            .map_err(LoadError::Other)?;

        match value {
@ -162,15 +226,19 @@ impl SessionStore for RedisSessionStore {
        let session_key = generate_session_key();
        let cache_key = (self.configuration.cache_keygen)(session_key.as_ref());

-        self.execute_command(redis::cmd("SET").arg(&[
-            &cache_key,
-            &body,
-            "NX", // NX: only set the key if it does not already exist
-            "EX", // EX: set expiry
-            &format!("{}", ttl.whole_seconds()),
-        ]))
+        self.execute_command::<()>(
+            redis::cmd("SET")
+                .arg(&[
+                    &cache_key, // key
+                    &body,      // value
+                    "NX",       // only set the key if it does not already exist
+                    "EX",       // set expiry / TTL
+                ])
+                .arg(
+                    ttl.whole_seconds(), // EXpiry in seconds
+                ),
+        )
        .await
-        .map_err(Into::into)
        .map_err(SaveError::Other)?;

        Ok(session_key)
@ -188,7 +256,7 @@ impl SessionStore for RedisSessionStore {

        let cache_key = (self.configuration.cache_keygen)(session_key.as_ref());

-        let v: redis::Value = self
+        let v: Value = self
            .execute_command(redis::cmd("SET").arg(&[
                &cache_key,
                &body,
@ -197,7 +265,6 @@ impl SessionStore for RedisSessionStore {
                &format!("{}", ttl.whole_seconds()),
            ]))
            .await
-            .map_err(Into::into)
            .map_err(UpdateError::Other)?;

        match v {
@ -213,7 +280,7 @@ impl SessionStore for RedisSessionStore {
                        SaveError::Other(err) => UpdateError::Other(err),
                    })
            }
-            Value::Int(_) | Value::Okay | Value::Status(_) => Ok(session_key),
+            Value::Int(_) | Value::Okay | Value::SimpleString(_) => Ok(session_key),
            val => Err(UpdateError::Other(anyhow::anyhow!(
                "Failed to update session state. {:?}",
                val
@ -221,26 +288,33 @@ impl SessionStore for RedisSessionStore {
        }
    }

-    async fn update_ttl(&self, session_key: &SessionKey, ttl: &Duration) -> Result<(), Error> {
+    async fn update_ttl(&self, session_key: &SessionKey, ttl: &Duration) -> anyhow::Result<()> {
        let cache_key = (self.configuration.cache_keygen)(session_key.as_ref());

-        self.client
-            .clone()
-            .expire(
-                &cache_key,
-                ttl.whole_seconds().try_into().context(
-                    "Failed to convert the state TTL into the number of whole seconds remaining",
-                )?,
-            )
-            .await?;
+        match self.client {
+            RedisSessionConn::Single(ref conn) => {
+                conn.clone()
+                    .expire::<_, ()>(&cache_key, ttl.whole_seconds())
+                    .await?;
+            }
+
+            #[cfg(feature = "redis-pool")]
+            RedisSessionConn::Pool(ref pool) => {
+                pool.get()
+                    .await?
+                    .expire::<_, ()>(&cache_key, ttl.whole_seconds())
+                    .await?;
+            }
+        }
+
        Ok(())
    }

-    async fn delete(&self, session_key: &SessionKey) -> Result<(), anyhow::Error> {
+    async fn delete(&self, session_key: &SessionKey) -> Result<(), Error> {
        let cache_key = (self.configuration.cache_keygen)(session_key.as_ref());
-        self.execute_command(redis::cmd("DEL").arg(&[&cache_key]))
+
+        self.execute_command::<()>(redis::cmd("DEL").arg(&[&cache_key]))
            .await
-            .map_err(Into::into)
            .map_err(UpdateError::Other)?;

        Ok(())
@ -262,24 +336,55 @@ impl RedisSessionStore {
    /// retry will be executed on a fresh connection, therefore it is likely to succeed (or fail for
    /// a different more meaningful reason).
    #[allow(clippy::needless_pass_by_ref_mut)]
-    async fn execute_command<T: FromRedisValue>(&self, cmd: &mut Cmd) -> RedisResult<T> {
+    async fn execute_command<T: FromRedisValue>(&self, cmd: &mut Cmd) -> anyhow::Result<T> {
        let mut can_retry = true;

-        loop {
-            match cmd.query_async(&mut self.client.clone()).await {
-                Ok(value) => return Ok(value),
-                Err(err) => {
-                    if can_retry && err.is_connection_dropped() {
-                        tracing::debug!(
-                            "Connection dropped while trying to talk to Redis. Retrying."
-                        );
+        match self.client {
+            RedisSessionConn::Single(ref conn) => {
+                let mut conn = conn.clone();

-                        // Retry at most once
-                        can_retry = false;
+                loop {
+                    match cmd.query_async(&mut conn).await {
+                        Ok(value) => return Ok(value),
+                        Err(err) => {
+                            if can_retry && err.is_connection_dropped() {
+                                tracing::debug!(
+                                    "Connection dropped while trying to talk to Redis. Retrying."
+                                );

-                        continue;
-                    } else {
-                        return Err(err);
+                                // Retry at most once
+                                can_retry = false;
+
+                                continue;
+                            } else {
+                                return Err(err.into());
+                            }
+                        }
+                    }
+                }
+            }
+
+            #[cfg(feature = "redis-pool")]
+            RedisSessionConn::Pool(ref pool) => {
+                let mut conn = pool.get().await?;
+
+                loop {
+                    match cmd.query_async(&mut conn).await {
+                        Ok(value) => return Ok(value),
+                        Err(err) => {
+                            if can_retry && err.is_connection_dropped() {
+                                tracing::debug!(
+                                    "Connection dropped while trying to talk to Redis. Retrying."
+                                );
+
+                                // Retry at most once
+                                can_retry = false;
+
+                                continue;
+                            } else {
+                                return Err(err.into());
+                            }
+                        }
                    }
                }
            }
@ -292,15 +397,27 @@ mod tests {
    use std::collections::HashMap;

    use actix_web::cookie::time;
-    use redis::AsyncCommands;
+    #[cfg(not(feature = "redis-session"))]
+    use deadpool_redis::{Config, Runtime};

    use super::*;
    use crate::test_helpers::acceptance_test_suite;

    async fn redis_store() -> RedisSessionStore {
-        RedisSessionStore::new("redis://127.0.0.1:6379")
-            .await
-            .unwrap()
+        #[cfg(feature = "redis-session")]
+        {
+            RedisSessionStore::new("redis://127.0.0.1:6379")
+                .await
+                .unwrap()
+        }
+
+        #[cfg(not(feature = "redis-session"))]
+        {
+            let redis_pool = Config::from_url("redis://127.0.0.1:6379")
+                .create_pool(Some(Runtime::Tokio1))
+                .unwrap();
+            RedisSessionStore::new(redis_pool.clone())
+        }
    }

    #[actix_web::test]
@ -320,12 +437,25 @@ mod tests {
    async fn loading_an_invalid_session_state_returns_deserialization_error() {
        let store = redis_store().await;
        let session_key = generate_session_key();
-        store
-            .client
-            .clone()
-            .set::<_, _, ()>(session_key.as_ref(), "random-thing-which-is-not-json")
-            .await
-            .unwrap();
+
+        match store.client {
+            RedisSessionConn::Single(ref conn) => conn
+                .clone()
+                .set::<_, _, ()>(session_key.as_ref(), "random-thing-which-is-not-json")
+                .await
+                .unwrap(),
+
+            #[cfg(feature = "redis-pool")]
+            RedisSessionConn::Pool(ref pool) => {
+                pool.get()
+                    .await
+                    .unwrap()
+                    .set::<_, _, ()>(session_key.as_ref(), "random-thing-which-is-not-json")
+                    .await
+                    .unwrap();
+            }
+        }
+
        assert!(matches!(
            store.load(&session_key).await.unwrap_err(),
            LoadError::Deserialization(_),
--- a/actix-session/src/storage/session_key.rs
+++ b/actix-session/src/storage/session_key.rs
@ -1,6 +1,4 @@
-use std::convert::TryFrom;
-
-use derive_more::{Display, From};
+use derive_more::derive::{Display, From};

 /// A session key, the string stored in a client-side cookie to associate a user with its session
 /// state on the backend.
@ -9,8 +7,7 @@ use derive_more::{Display, From};
 /// Session keys are stored as cookies, therefore they cannot be arbitrary long. Session keys are
 /// required to be smaller than 4064 bytes.
 ///
-/// ```rust
-/// # use std::convert::TryInto;
+/// ```
 /// use actix_session::storage::SessionKey;
 ///
 /// let key: String = std::iter::repeat('a').take(4065).collect();
@ -48,7 +45,7 @@ impl From<SessionKey> for String {
 }

 #[derive(Debug, Display, From)]
-#[display(fmt = "The provided string is not a valid session key")]
+#[display("The provided string is not a valid session key")]
 pub struct InvalidSessionKeyError(anyhow::Error);

 impl std::error::Error for InvalidSessionKeyError {
--- a/actix-session/src/storage/utils.rs
+++ b/actix-session/src/storage/utils.rs
@ -1,19 +1,13 @@
-use std::convert::TryInto;
-
-use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _};
+use rand::distr::{Alphanumeric, SampleString as _};

 use crate::storage::SessionKey;

 /// Session key generation routine that follows [OWASP recommendations].
 ///
 /// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
-pub(crate) fn generate_session_key() -> SessionKey {
-    let value = std::iter::repeat(())
-        .map(|()| OsRng.sample(Alphanumeric))
-        .take(64)
-        .collect::<Vec<_>>();
-
-    // These unwraps will never panic because pre-conditions are always verified
-    // (i.e. length and character set)
-    String::from_utf8(value).unwrap().try_into().unwrap()
+pub fn generate_session_key() -> SessionKey {
+    Alphanumeric
+        .sample_string(&mut rand::rng(), 64)
+        .try_into()
+        .expect("generated string should be within size range for a session key")
 }
--- a/actix-session/tests/opaque_errors.rs
+++ b/actix-session/tests/opaque_errors.rs
@ -1,4 +1,4 @@
-use std::{collections::HashMap, convert::TryInto};
+use std::collections::HashMap;

 use actix_session::{
    storage::{LoadError, SaveError, SessionKey, SessionStore, UpdateError},
@ -44,7 +44,6 @@ async fn errors_are_opaque() {

 struct MockStore;

-#[async_trait::async_trait(?Send)]
 impl SessionStore for MockStore {
    async fn load(
        &self,
--- a/actix-session/tests/session.rs
+++ b/actix-session/tests/session.rs
@ -69,6 +69,16 @@ async fn session_entries() {
    map.contains_key("test_num");
 }

+#[actix_web::test]
+async fn session_contains_key() {
+    let req = test::TestRequest::default().to_srv_request();
+    let session = req.get_session();
+    session.insert("test_str", "val").unwrap();
+    session.insert("test_str", 1).unwrap();
+    assert!(session.contains_key("test_str"));
+    assert!(!session.contains_key("test_num"));
+}
+
 #[actix_web::test]
 async fn insert_session_after_renew() {
    let session = test::TestRequest::default().to_srv_request().get_session();
@ -83,6 +93,35 @@ async fn insert_session_after_renew() {
    assert_eq!(session.status(), SessionStatus::Renewed);
 }

+#[actix_web::test]
+async fn update_session() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.update("test_val", |c: u32| c + 1).unwrap();
+    assert_eq!(session.status(), SessionStatus::Unchanged);
+
+    session.insert("test_val", 0).unwrap();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.update("test_val", |c: u32| c + 1).unwrap();
+    assert_eq!(session.get("test_val").unwrap(), Some(1));
+
+    session.update("test_val", |c: u32| c + 1).unwrap();
+    assert_eq!(session.get("test_val").unwrap(), Some(2));
+}
+
+#[actix_web::test]
+async fn update_or_session() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.update_or("test_val", 1, |c: u32| c + 1).unwrap();
+    assert_eq!(session.status(), SessionStatus::Changed);
+    assert_eq!(session.get("test_val").unwrap(), Some(1));
+
+    session.update_or("test_val", 1, |c: u32| c + 1).unwrap();
+    assert_eq!(session.get("test_val").unwrap(), Some(2));
+}
+
 #[actix_web::test]
 async fn remove_session_after_renew() {
    let session = test::TestRequest::default().to_srv_request().get_session();
--- a/actix-settings/CHANGES.md
+++ b/actix-settings/CHANGES.md
@ -2,6 +2,19 @@

 ## Unreleased

+## 0.8.0
+
+- Add `openssl` crate feature for TLS settings using OpenSSL.
+- Add `ApplySettings::try_apply_settings()`.
+- Implement TLS logic for `ApplySettings::try_apply_settings()`.
+- Add `Tls::get_ssl_acceptor_builder()` function to build `openssl::ssl::SslAcceptorBuilder`.
+- Deprecate `ApplySettings::apply_settings()`.
+- Minimum supported Rust version (MSRV) is now 1.75.
+
+## 0.7.1
+
+- Fix doc examples.
+
 ## 0.7.0

 - The `ApplySettings` trait now includes a type parameter, allowing multiple types to be implemented per configuration target.
--- a/actix-settings/Cargo.toml
+++ b/actix-settings/Cargo.toml
@ -1,29 +1,37 @@
 [package]
 name = "actix-settings"
-version = "0.7.0"
+version = "0.8.0"
 authors = [
    "Joey Ezechiels <joey.ezechiels@gmail.com>",
    "Rob Ede <robjtede@icloud.com>",
 ]
 description = "Easily manage Actix Web's settings from a TOML file and environment variables"
+repository.workspace = true
+homepage.workspace = true
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true

 [package.metadata.docs.rs]
 rustdoc-args = ["--cfg", "docsrs"]
-all-features = true
+
+[features]
+openssl = ["dep:openssl", "actix-web/openssl"]

 [dependencies]
 actix-http = "3"
 actix-service = "2"
 actix-web = { version = "4", default-features = false }
-derive_more = "0.99.7"
-once_cell = "1.13"
+derive_more = { version = "2", features = ["display", "error"] }
+once_cell = "1.21"
+openssl = { version = "0.10", features = ["v110"], optional = true }
 regex = "1.5"
 serde = { version = "1", features = ["derive"] }
 toml = "0.8"

 [dev-dependencies]
 actix-web = "4"
-env_logger = "0.10"
+env_logger = "0.11"
+
+[lints]
+workspace = true
--- a/actix-settings/README.md
+++ b/actix-settings/README.md
@ -2,10 +2,14 @@

 > Easily manage Actix Web's settings from a TOML file and environment variables.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-settings?label=latest)](https://crates.io/crates/actix-settings)
-[![Documentation](https://docs.rs/actix-settings/badge.svg?version=0.7.0)](https://docs.rs/actix-settings/0.7.0)
+[![Documentation](https://docs.rs/actix-settings/badge.svg?version=0.8.0)](https://docs.rs/actix-settings/0.8.0)
 ![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-settings)
-[![Dependency Status](https://deps.rs/crate/actix-settings/0.7.0/status.svg)](https://deps.rs/crate/actix-settings/0.7.0)
+[![Dependency Status](https://deps.rs/crate/actix-settings/0.8.0/status.svg)](https://deps.rs/crate/actix-settings/0.8.0)
+
+<!-- prettier-ignore-end -->

 ## Documentation & Resources

@ -19,10 +23,6 @@ There is a way to extend the available settings. This can be used to combine the

 Have a look at [the usage example][usage] to see how.

-## WIP
-
-Configuration options for TLS set up are not yet implemented.
-
 ## Special Thanks

 This crate was made possible by support from Accept B.V and [@jjpe].
--- a/actix-settings/examples/actix.rs
+++ b/actix-settings/examples/actix.rs
@ -57,7 +57,7 @@ async fn main() -> std::io::Result<()> {
        }
    })
    // apply the `Settings` to Actix Web's `HttpServer`
-    .apply_settings(&settings)
+    .try_apply_settings(&settings)?
    .run()
    .await
 }
--- a/actix-settings/src/error.rs
+++ b/actix-settings/src/error.rs
@ -1,22 +1,24 @@
 use std::{env::VarError, io, num::ParseIntError, path::PathBuf, str::ParseBoolError};

-use derive_more::{Display, Error};
+use derive_more::derive::{Display, Error};
+#[cfg(feature = "openssl")]
+use openssl::error::ErrorStack as OpenSSLError;
 use toml::de::Error as TomlError;

 /// Errors that can be returned from methods in this crate.
 #[derive(Debug, Display, Error)]
 pub enum Error {
    /// Environment variable does not exists or is invalid.
-    #[display(fmt = "Env var error: {_0}")]
+    #[display("Env var error: {_0}")]
    EnvVarError(VarError),

    /// File already exists on disk.
-    #[display(fmt = "File exists: {}", "_0.display()")]
+    #[display("File exists: {}", _0.display())]
    FileExists(#[error(not(source))] PathBuf),

    /// Invalid value.
    #[allow(missing_docs)]
-    #[display(fmt = "Expected {expected}, got {got} (@ {file}:{line}:{column})")]
+    #[display("Expected {expected}, got {got} (@ {file}:{line}:{column})")]
    InvalidValue {
        expected: &'static str,
        got: String,
@ -26,23 +28,28 @@ pub enum Error {
    },

    /// I/O error.
-    #[display(fmt = "")]
+    #[display("I/O error: {_0}")]
    IoError(io::Error),

+    /// OpenSSL Error.
+    #[cfg(feature = "openssl")]
+    #[display("OpenSSL error: {_0}")]
+    OpenSSLError(OpenSSLError),
+
    /// Value is not a boolean.
-    #[display(fmt = "Failed to parse boolean: {_0}")]
+    #[display("Failed to parse boolean: {_0}")]
    ParseBoolError(ParseBoolError),

    /// Value is not an integer.
-    #[display(fmt = "Failed to parse integer: {_0}")]
+    #[display("Failed to parse integer: {_0}")]
    ParseIntError(ParseIntError),

    /// Value is not an address.
-    #[display(fmt = "Failed to parse address: {_0}")]
+    #[display("Failed to parse address: {_0}")]
    ParseAddressError(#[error(not(source))] String),

    /// Error deserializing as TOML.
-    #[display(fmt = "TOML error: {_0}")]
+    #[display("TOML error: {_0}")]
    TomlError(TomlError),
 }

@ -64,6 +71,13 @@ impl From<io::Error> for Error {
    }
 }

+#[cfg(feature = "openssl")]
+impl From<OpenSSLError> for Error {
+    fn from(err: OpenSSLError) -> Self {
+        Self::OpenSSLError(err)
+    }
+}
+
 impl From<ParseBoolError> for Error {
    fn from(err: ParseBoolError) -> Self {
        Self::ParseBoolError(err)
@ -101,6 +115,9 @@ impl From<Error> for io::Error {

            Error::IoError(io_error) => io_error,

+            #[cfg(feature = "openssl")]
+            Error::OpenSSLError(ossl_error) => io::Error::new(io::ErrorKind::Other, ossl_error),
+
            Error::ParseBoolError(_) => {
                io::Error::new(io::ErrorKind::InvalidInput, err.to_string())
            }
--- a/actix-settings/src/lib.rs
+++ b/actix-settings/src/lib.rs
@ -54,15 +54,14 @@
 //!         }
 //!     })
 //!     // apply the `Settings` to Actix Web's `HttpServer`
-//!     .apply_settings(&settings)
+//!     .try_apply_settings(&settings)?
 //!     .run()
 //!     .await
 //! }
 //! ```

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
-#![warn(future_incompatible, missing_docs, missing_debug_implementations)]
+#![warn(missing_docs, missing_debug_implementations)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -90,12 +89,14 @@ mod error;
 mod parse;
 mod settings;

+#[cfg(feature = "openssl")]
+pub use self::settings::Tls;
 pub use self::{
    error::Error,
    parse::Parse,
    settings::{
        ActixSettings, Address, Backlog, KeepAlive, MaxConnectionRate, MaxConnections, Mode,
-        NumWorkers, Timeout, Tls,
+        NumWorkers, Timeout,
    },
 };

@ -194,7 +195,7 @@ where
    /// use actix_settings::{Settings, Mode};
    ///
    /// # fn inner() -> Result<(), actix_settings::Error> {
-    /// let mut settings = Settings::from_default_template()?;
+    /// let mut settings = Settings::from_default_template();
    /// assert_eq!(settings.actix.mode, Mode::Development);
    ///
    /// Settings::override_field(&mut settings.actix.mode, "production")?;
@ -219,7 +220,7 @@ where
    /// std::env::set_var("OVERRIDE__MODE", "production");
    ///
    /// # fn inner() -> Result<(), actix_settings::Error> {
-    /// let mut settings = Settings::from_default_template()?;
+    /// let mut settings = Settings::from_default_template();
    /// assert_eq!(settings.actix.mode, Mode::Development);
    ///
    /// Settings::override_field_with_env_var(&mut settings.actix.mode, "OVERRIDE__MODE")?;
@ -240,10 +241,28 @@ where
 }

 /// Extension trait for applying parsed settings to the server object.
-pub trait ApplySettings<S> {
-    /// Apply some settings object value to `self`.
-    #[must_use]
-    fn apply_settings(self, settings: &S) -> Self;
+pub trait ApplySettings<S>: Sized {
+    /// Applies some settings object value to `self`.
+    ///
+    /// The default implementation calls [`try_apply_settings()`].
+    ///
+    /// # Panics
+    ///
+    /// May panic if settings are invalid or cannot be applied.
+    ///
+    /// [`try_apply_settings()`]: ApplySettings::try_apply_settings().
+    #[deprecated = "Prefer `try_apply_settings()`."]
+    fn apply_settings(self, settings: &S) -> Self {
+        self.try_apply_settings(settings)
+            .expect("Could not apply settings")
+    }
+
+    /// Applies some settings object value to `self`.
+    ///
+    /// # Errors
+    ///
+    /// May return error if settings are invalid or cannot be applied.
+    fn try_apply_settings(self, settings: &S) -> AsResult<Self>;
 }

 impl<F, I, S, B> ApplySettings<ActixSettings> for HttpServer<F, I, S, B>
@ -257,17 +276,27 @@ where
    S::Future: 'static,
    B: MessageBody + 'static,
 {
-    fn apply_settings(mut self, settings: &ActixSettings) -> Self {
-        if settings.tls.enabled {
-            // for Address { host, port } in &settings.actix.hosts {
-            //     self = self.bind(format!("{}:{}", host, port))
-            //         .unwrap(/*TODO*/);
-            // }
-            unimplemented!("[ApplySettings] TLS support has not been implemented yet.");
-        } else {
-            for Address { host, port } in &settings.hosts {
-                self = self.bind(format!("{host}:{port}"))
-                    .unwrap(/*TODO*/);
+    fn apply_settings(self, settings: &ActixSettings) -> Self {
+        self.try_apply_settings(settings).unwrap()
+    }
+
+    fn try_apply_settings(mut self, settings: &ActixSettings) -> AsResult<Self> {
+        for Address { host, port } in &settings.hosts {
+            #[cfg(feature = "openssl")]
+            {
+                if settings.tls.enabled {
+                    self = self.bind_openssl(
+                        format!("{}:{}", host, port),
+                        settings.tls.get_ssl_acceptor_builder()?,
+                    )?;
+                } else {
+                    self = self.bind(format!("{host}:{port}"))?;
+                }
+            }
+
+            #[cfg(not(feature = "openssl"))]
+            {
+                self = self.bind(format!("{host}:{port}"))?;
            }
        }

@ -320,7 +349,7 @@ where
            Timeout::Seconds(n) => self.shutdown_timeout(n as u64),
        };

-        self
+        Ok(self)
    }
 }

@ -337,7 +366,11 @@ where
    A: de::DeserializeOwned,
 {
    fn apply_settings(self, settings: &BasicSettings<A>) -> Self {
-        self.apply_settings(&settings.actix)
+        self.try_apply_settings(&settings.actix).unwrap()
+    }
+
+    fn try_apply_settings(self, settings: &BasicSettings<A>) -> AsResult<Self> {
+        self.try_apply_settings(&settings.actix)
    }
 }

@ -350,7 +383,8 @@ mod tests {
    #[test]
    fn apply_settings() {
        let settings = Settings::parse_toml("Server.toml").unwrap();
-        let _ = HttpServer::new(App::new).apply_settings(&settings);
+        let server = HttpServer::new(App::new).try_apply_settings(&settings);
+        assert!(server.is_ok());
    }

    #[test]
@ -663,6 +697,7 @@ mod tests {
        assert_eq!(settings.actix.shutdown_timeout, Timeout::Seconds(42));
    }

+    #[cfg(feature = "openssl")]
    #[test]
    fn override_field_tls_enabled() {
        let mut settings = Settings::from_default_template();
@ -671,6 +706,7 @@ mod tests {
        assert!(settings.actix.tls.enabled);
    }

+    #[cfg(feature = "openssl")]
    #[test]
    fn override_field_with_env_var_tls_enabled() {
        let mut settings = Settings::from_default_template();
@ -684,6 +720,7 @@ mod tests {
        assert!(settings.actix.tls.enabled);
    }

+    #[cfg(feature = "openssl")]
    #[test]
    fn override_field_tls_certificate() {
        let mut settings = Settings::from_default_template();
@ -702,6 +739,7 @@ mod tests {
        );
    }

+    #[cfg(feature = "openssl")]
    #[test]
    fn override_field_with_env_var_tls_certificate() {
        let mut settings = Settings::from_default_template();
@ -724,6 +762,7 @@ mod tests {
        );
    }

+    #[cfg(feature = "openssl")]
    #[test]
    fn override_field_tls_private_key() {
        let mut settings = Settings::from_default_template();
@ -742,6 +781,7 @@ mod tests {
        );
    }

+    #[cfg(feature = "openssl")]
    #[test]
    fn override_field_with_env_var_tls_private_key() {
        let mut settings = Settings::from_default_template();
--- a/actix-settings/src/settings/backlog.rs
+++ b/actix-settings/src/settings/backlog.rs
@ -43,7 +43,7 @@ impl<'de> de::Deserialize<'de> for Backlog {
    {
        struct BacklogVisitor;

-        impl<'de> de::Visitor<'de> for BacklogVisitor {
+        impl de::Visitor<'_> for BacklogVisitor {
            type Value = Backlog;

            fn expecting(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/actix-settings/src/settings/keep_alive.rs
+++ b/actix-settings/src/settings/keep_alive.rs
@ -68,7 +68,7 @@ impl<'de> de::Deserialize<'de> for KeepAlive {
    {
        struct KeepAliveVisitor;

-        impl<'de> de::Visitor<'de> for KeepAliveVisitor {
+        impl de::Visitor<'_> for KeepAliveVisitor {
            type Value = KeepAlive;

            fn expecting(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/actix-settings/src/settings/max_connection_rate.rs
+++ b/actix-settings/src/settings/max_connection_rate.rs
@ -40,7 +40,7 @@ impl<'de> de::Deserialize<'de> for MaxConnectionRate {
    {
        struct MaxConnectionRateVisitor;

-        impl<'de> de::Visitor<'de> for MaxConnectionRateVisitor {
+        impl de::Visitor<'_> for MaxConnectionRateVisitor {
            type Value = MaxConnectionRate;

            fn expecting(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/actix-settings/src/settings/max_connections.rs
+++ b/actix-settings/src/settings/max_connections.rs
@ -40,7 +40,7 @@ impl<'de> de::Deserialize<'de> for MaxConnections {
    {
        struct MaxConnectionsVisitor;

-        impl<'de> de::Visitor<'de> for MaxConnectionsVisitor {
+        impl de::Visitor<'_> for MaxConnectionsVisitor {
            type Value = MaxConnections;

            fn expecting(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/actix-settings/src/settings/mod.rs
+++ b/actix-settings/src/settings/mod.rs
@ -8,12 +8,15 @@ mod max_connections;
 mod mode;
 mod num_workers;
 mod timeout;
+#[cfg(feature = "openssl")]
 mod tls;

+#[cfg(feature = "openssl")]
+pub use self::tls::Tls;
 pub use self::{
    address::Address, backlog::Backlog, keep_alive::KeepAlive,
    max_connection_rate::MaxConnectionRate, max_connections::MaxConnections, mode::Mode,
-    num_workers::NumWorkers, timeout::Timeout, tls::Tls,
+    num_workers::NumWorkers, timeout::Timeout,
 };

 /// Settings types for Actix Web.
@ -57,5 +60,6 @@ pub struct ActixSettings {
    pub shutdown_timeout: Timeout,

    /// TLS (HTTPS) configuration.
+    #[cfg(feature = "openssl")]
    pub tls: Tls,
 }
--- a/actix-settings/src/settings/num_workers.rs
+++ b/actix-settings/src/settings/num_workers.rs
@ -39,7 +39,7 @@ impl<'de> de::Deserialize<'de> for NumWorkers {
    {
        struct NumWorkersVisitor;

-        impl<'de> de::Visitor<'de> for NumWorkersVisitor {
+        impl de::Visitor<'_> for NumWorkersVisitor {
            type Value = NumWorkers;

            fn expecting(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/actix-settings/src/settings/timeout.rs
+++ b/actix-settings/src/settings/timeout.rs
@ -71,7 +71,7 @@ impl<'de> de::Deserialize<'de> for Timeout {
    {
        struct TimeoutVisitor;

-        impl<'de> de::Visitor<'de> for TimeoutVisitor {
+        impl de::Visitor<'_> for TimeoutVisitor {
            type Value = Timeout;

            fn expecting(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
--- a/actix-settings/src/settings/tls.rs
+++ b/actix-settings/src/settings/tls.rs
@ -1,13 +1,16 @@
 use std::path::PathBuf;

+use openssl::ssl::{SslAcceptor, SslAcceptorBuilder, SslFiletype, SslMethod};
 use serde::Deserialize;

+use crate::AsResult;
+
 /// TLS (HTTPS) configuration.
 #[derive(Debug, Clone, PartialEq, Eq, Hash, Deserialize)]
 #[serde(rename_all = "kebab-case")]
 #[doc(alias = "ssl", alias = "https")]
 pub struct Tls {
-    /// Tru if accepting TLS connections should be enabled.
+    /// True if accepting TLS connections should be enabled.
    pub enabled: bool,

    /// Path to certificate `.pem` file.
@ -16,3 +19,39 @@ pub struct Tls {
    /// Path to private key `.pem` file.
    pub private_key: PathBuf,
 }
+
+impl Tls {
+    /// Returns an [`SslAcceptorBuilder`] with the configured settings.
+    ///
+    /// The result is often used with [`actix_web::HttpServer::bind_openssl()`].
+    ///
+    /// # Example
+    ///
+    /// ```no_run
+    /// use std::io;
+    /// use actix_settings::{ApplySettings as _, Settings};
+    /// use actix_web::{get, web, App, HttpServer, Responder};
+    ///
+    /// #[actix_web::main]
+    /// async fn main() -> io::Result<()> {
+    ///     let settings = Settings::from_default_template();
+    ///
+    ///     HttpServer::new(|| {
+    ///         App::new().route("/", web::to(|| async { "Hello, World!" }))
+    ///     })
+    ///     .try_apply_settings(&settings)?
+    ///     .bind(("127.0.0.1", 8080))?
+    ///     .bind_openssl(("127.0.0.1", 8443), settings.actix.tls.get_ssl_acceptor_builder()?)?
+    ///     .run()
+    ///     .await
+    /// }
+    /// ```
+    pub fn get_ssl_acceptor_builder(&self) -> AsResult<SslAcceptorBuilder> {
+        let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
+        builder.set_certificate_chain_file(&self.certificate)?;
+        builder.set_private_key_file(&self.private_key, SslFiletype::PEM)?;
+        builder.check_private_key()?;
+
+        Ok(builder)
+    }
+}
--- a/actix-web-httpauth/CHANGES.md
+++ b/actix-web-httpauth/CHANGES.md
@ -2,6 +2,10 @@

 ## Unreleased

+## 0.8.2
+
+- Minimum supported Rust version (MSRV) is now 1.75.
+
 ## 0.8.1

 - Implement `From<Basic>` for `BasicAuth`.
--- a/actix-web-httpauth/Cargo.toml
+++ b/actix-web-httpauth/Cargo.toml
@ -1,15 +1,15 @@
 [package]
 name = "actix-web-httpauth"
-version = "0.8.1"
+version = "0.8.2"
+description = "HTTP authentication schemes for Actix Web"
+categories = ["web-programming"]
+keywords = ["http", "web", "framework", "authentication", "security"]
 authors = [
    "svartalf <self@svartalf.info>",
    "Yuki Okushi <huyuumi.dev@gmail.com>",
 ]
-description = "HTTP authentication schemes for Actix Web"
-keywords = ["http", "web", "framework", "authentication", "security"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-extras.git"
-categories = ["web-programming::http-server"]
+repository.workspace = true
+homepage.workspace = true
 license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
@ -22,13 +22,18 @@ all-features = true
 actix-utils = "3"
 actix-web = { version = "4.1", default-features = false }

-base64 = "0.21"
-futures-core = "0.3.7"
+base64 = "0.22"
+futures-core = "0.3.17"
 futures-util = { version = "0.3.17", default-features = false, features = ["std"] }
 log = "0.4"
 pin-project-lite = "0.2.7"

 [dev-dependencies]
-actix-cors = "0.6"
+actix-cors = "0.7"
 actix-service = "2"
 actix-web = { version = "4.1", default-features = false, features = ["macros"] }
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+tracing = "0.1.30"
+
+[lints]
+workspace = true
--- a/actix-web-httpauth/README.md
+++ b/actix-web-httpauth/README.md
@ -2,10 +2,14 @@

 > HTTP authentication schemes for [Actix Web](https://actix.rs).

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-web-httpauth?label=latest)](https://crates.io/crates/actix-web-httpauth)
-[![Documentation](https://docs.rs/actix-web-httpauth/badge.svg?version=0.8.1)](https://docs.rs/actix-web-httpauth/0.8.1)
+[![Documentation](https://docs.rs/actix-web-httpauth/badge.svg?version=0.8.2)](https://docs.rs/actix-web-httpauth/0.8.2)
 ![Apache 2.0 or MIT licensed](https://img.shields.io/crates/l/actix-web-httpauth)
-[![Dependency Status](https://deps.rs/crate/actix-web-httpauth/0.8.1/status.svg)](https://deps.rs/crate/actix-web-httpauth/0.8.1)
+[![Dependency Status](https://deps.rs/crate/actix-web-httpauth/0.8.2/status.svg)](https://deps.rs/crate/actix-web-httpauth/0.8.2)
+
+<!-- prettier-ignore-end -->

 ## Documentation & Resources

--- a/actix-web-httpauth/examples/middleware.rs
+++ b/actix-web-httpauth/examples/middleware.rs
@ -1,24 +1,57 @@
-use actix_web::{dev::ServiceRequest, middleware, web, App, Error, HttpServer};
-use actix_web_httpauth::{extractors::basic::BasicAuth, middleware::HttpAuthentication};
+use actix_web::{
+    dev::ServiceRequest, error, get, middleware::Logger, App, Error, HttpServer, Responder,
+};
+use actix_web_httpauth::{extractors::bearer::BearerAuth, middleware::HttpAuthentication};
+use tracing::level_filters::LevelFilter;
+use tracing_subscriber::EnvFilter;

+/// Validator that:
+/// - accepts Bearer auth;
+/// - returns a custom response for requests without a valid Bearer Authorization header;
+/// - rejects tokens containing an "x" (for quick testing using command line HTTP clients).
 async fn validator(
    req: ServiceRequest,
-    _credentials: BasicAuth,
+    credentials: Option<BearerAuth>,
 ) -> Result<ServiceRequest, (Error, ServiceRequest)> {
+    let Some(credentials) = credentials else {
+        return Err((error::ErrorBadRequest("no bearer header"), req));
+    };
+
+    eprintln!("{credentials:?}");
+
+    if credentials.token().contains('x') {
+        return Err((error::ErrorBadRequest("token contains x"), req));
+    }
+
    Ok(req)
 }

+#[get("/")]
+async fn index(auth: BearerAuth) -> impl Responder {
+    format!("authenticated for token: {}", auth.token().to_owned())
+}
+
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            EnvFilter::builder()
+                .with_default_directive(LevelFilter::INFO.into())
+                .from_env_lossy(),
+        )
+        .without_time()
+        .init();
+
    HttpServer::new(|| {
-        let auth = HttpAuthentication::basic(validator);
+        let auth = HttpAuthentication::with_fn(validator);
+
        App::new()
-            .wrap(middleware::Logger::default())
+            .service(index)
            .wrap(auth)
-            .service(web::resource("/").to(|| async { "Test\r\n" }))
+            .wrap(Logger::default().log_target("@"))
    })
    .bind("127.0.0.1:8080")?
-    .workers(1)
+    .workers(2)
    .run()
    .await
 }
--- a/actix-web-httpauth/src/headers/authorization/errors.rs
+++ b/actix-web-httpauth/src/headers/authorization/errors.rs
@ -1,4 +1,4 @@
-use std::{convert::From, error::Error, fmt, str};
+use std::{error::Error, fmt, str};

 use actix_web::http::header;

--- a/actix-web-httpauth/src/lib.rs
+++ b/actix-web-httpauth/src/lib.rs
@ -15,8 +15,7 @@
 //! [Middleware]: self::middleware

 #![forbid(unsafe_code)]
-#![deny(rust_2018_idioms, nonstandard_style)]
-#![warn(future_incompatible, missing_docs)]
+#![warn(missing_docs)]
 #![doc(html_logo_url = "https://actix.rs/img/logo.png")]
 #![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
--- a/actix-web-httpauth/src/middleware.rs
+++ b/actix-web-httpauth/src/middleware.rs
@ -43,6 +43,55 @@ where
 {
    /// Construct `HttpAuthentication` middleware with the provided auth extractor `T` and
    /// validation callback `F`.
+    ///
+    /// This function can be used to implement optional authentication and/or custom responses to
+    /// missing authentication.
+    ///
+    /// # Examples
+    ///
+    /// ## Required Basic Auth
+    ///
+    /// ```no_run
+    /// # use actix_web_httpauth::extractors::basic::BasicAuth;
+    /// # use actix_web::dev::ServiceRequest;
+    /// async fn validator(
+    ///     req: ServiceRequest,
+    ///     credentials: BasicAuth,
+    /// ) -> Result<ServiceRequest, (actix_web::Error, ServiceRequest)> {
+    ///     eprintln!("{credentials:?}");
+    ///
+    ///     if credentials.user_id().contains('x') {
+    ///         return Err((actix_web::error::ErrorBadRequest("user ID contains x"), req));
+    ///     }
+    ///
+    ///     Ok(req)
+    /// }
+    /// # actix_web_httpauth::middleware::HttpAuthentication::with_fn(validator);
+    /// ```
+    ///
+    /// ## Optional Bearer Auth
+    ///
+    /// ```no_run
+    /// # use actix_web_httpauth::extractors::bearer::BearerAuth;
+    /// # use actix_web::dev::ServiceRequest;
+    /// async fn validator(
+    ///     req: ServiceRequest,
+    ///     credentials: Option<BearerAuth>,
+    /// ) -> Result<ServiceRequest, (actix_web::Error, ServiceRequest)> {
+    ///     let Some(credentials) = credentials else {
+    ///         return Err((actix_web::error::ErrorBadRequest("no bearer header"), req));
+    ///     };
+    ///
+    ///     eprintln!("{credentials:?}");
+    ///
+    ///     if credentials.token().contains('x') {
+    ///         return Err((actix_web::error::ErrorBadRequest("token contains x"), req));
+    ///     }
+    ///
+    ///     Ok(req)
+    /// }
+    /// # actix_web_httpauth::middleware::HttpAuthentication::with_fn(validator);
+    /// ```
    pub fn with_fn(process_fn: F) -> HttpAuthentication<T, F> {
        HttpAuthentication {
            process_fn: Arc::new(process_fn),
@ -243,7 +292,6 @@ where
 mod tests {
    use actix_service::into_service;
    use actix_web::{
-        dev::Service,
        error::{self, ErrorForbidden},
        http::StatusCode,
        test::TestRequest,
--- a/actix-web-httpauth/src/utils.rs
+++ b/actix-web-httpauth/src/utils.rs
@ -12,8 +12,8 @@ struct Quoted<'a> {
    state: State,
 }

-impl<'a> Quoted<'a> {
-    pub fn new(s: &'a str) -> Quoted<'_> {
+impl Quoted<'_> {
+    pub fn new(s: &str) -> Quoted<'_> {
        Quoted {
            inner: s.split('"').peekable(),
            state: State::YieldStr,
--- a/actix-ws/CHANGELOG.md
+++ b/actix-ws/CHANGELOG.md
@ -0,0 +1,18 @@
+# Changelog
+
+## Unreleased
+
+- Ensure TCP connection is properly shut down when session is dropped.
+
+## 0.3.0
+
+- Add `AggregatedMessage[Stream]` types.
+- Add `MessageStream::max_frame_size()` setter method.
+- Add `Session::continuation()` method.
+- The `Session::text()` method now receives an `impl Into<ByteString>`, making broadcasting text messages more efficient.
+- Remove type parameters from `Session::{text, binary}()` methods, replacing with equivalent `impl Trait` parameters.
+- Reduce memory usage by `take`-ing (rather than `split`-ing) the encoded buffer when yielding bytes in the response stream.
+
+## 0.2.5
+
+- Adopted into @actix org from <https://git.asonix.dog/asonix/actix-actorless-websockets>.
--- a/actix-ws/Cargo.toml
+++ b/actix-ws/Cargo.toml
@ -0,0 +1,33 @@
+[package]
+name = "actix-ws"
+version = "0.3.0"
+description = "WebSockets for Actix Web, without actors"
+categories = ["web-programming::websocket"]
+keywords = ["actix", "web", "websocket", "websockets", "streaming"]
+authors = [
+    "asonix <asonix@asonix.dog>",
+    "Rob Ede <robjtede@icloud.com>",
+]
+repository.workspace = true
+homepage.workspace = true
+license.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+
+[dependencies]
+actix-codec = "0.5"
+actix-http = { version = "3", default-features = false, features = ["ws"] }
+actix-web = { version = "4", default-features = false }
+bytestring = "1"
+futures-core = "0.3.17"
+tokio = { version = "1.24", features = ["sync"] }
+
+[dev-dependencies]
+actix-web = "4.8"
+futures-util = { version = "0.3.17", default-features = false, features = ["std"] }
+tokio = { version = "1.24", features = ["sync", "rt", "macros"] }
+tracing = "0.1.30"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+
+[lints]
+workspace = true
--- a/actix-redis/LICENSE-APACHE
+++ b/actix-redis/LICENSE-APACHE
--- a/actix-redis/LICENSE-MIT
+++ b/actix-redis/LICENSE-MIT
--- a/actix-ws/README.md
+++ b/actix-ws/README.md
@ -0,0 +1,74 @@
+# `actix-ws`
+
+> WebSockets for Actix Web, without actors.
+
+<!-- prettier-ignore-start -->
+
+[![crates.io](https://img.shields.io/crates/v/actix-ws?label=latest)](https://crates.io/crates/actix-ws)
+[![Documentation](https://docs.rs/actix-ws/badge.svg?version=0.3.0)](https://docs.rs/actix-ws/0.3.0)
+![Version](https://img.shields.io/badge/rustc-1.75+-ab6000.svg)
+![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-ws.svg)
+<br />
+[![Dependency Status](https://deps.rs/crate/actix-ws/0.3.0/status.svg)](https://deps.rs/crate/actix-ws/0.3.0)
+[![Download](https://img.shields.io/crates/d/actix-ws.svg)](https://crates.io/crates/actix-ws)
+[![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
+
+<!-- prettier-ignore-end -->
+
+## Example
+
+```rust
+use actix_web::{middleware::Logger, web, App, HttpRequest, HttpServer, Responder};
+use actix_ws::Message;
+
+async fn ws(req: HttpRequest, body: web::Payload) -> actix_web::Result<impl Responder> {
+    let (response, mut session, mut msg_stream) = actix_ws::handle(&req, body)?;
+
+    actix_web::rt::spawn(async move {
+        while let Some(Ok(msg)) = msg_stream.recv().await {
+            match msg {
+                Message::Ping(bytes) => {
+                    if session.pong(&bytes).await.is_err() {
+                        return;
+                    }
+                }
+                Message::Text(msg) => println!("Got text: {msg}"),
+                _ => break,
+            }
+        }
+
+        let _ = session.close(None).await;
+    });
+
+    Ok(response)
+}
+
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    HttpServer::new(move || {
+        App::new()
+            .wrap(Logger::default())
+            .route("/ws", web::get().to(ws))
+    })
+    .bind("127.0.0.1:8080")?
+    .run()
+    .await?;
+
+    Ok(())
+}
+```
+
+## Resources
+
+- [API Documentation](https://docs.rs/actix-ws)
+- [Example Chat Project](https://github.com/actix/examples/tree/master/websockets/chat-actorless)
+- Minimum Supported Rust Version (MSRV): 1.75
+
+## License
+
+This project is licensed under either of
+
+- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
+- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
+
+at your option.
--- a/actix-ws/examples/chat.html
+++ b/actix-ws/examples/chat.html
@ -0,0 +1,69 @@
+<html>
+    <head>
+        <meta charset="utf-8" />
+        <title>Chat</title>
+        <script>
+            function onLoad() {
+                console.log("BOOTING");
+                const socket = new WebSocket("ws://localhost:8080/ws");
+                const input = document.getElementById("chat-input");
+                const logs = document.getElementById("chat-logs");
+
+                if (!input || !logs) {
+                    alert("Couldn't find required elements");
+                    console.err("Couldn't find required elements");
+                    return;
+                }
+
+                input.addEventListener(
+                    "keyup",
+                    (event) => {
+                        if (event.isComposing) {
+                            return;
+                        }
+                        if (event.key != "Enter") {
+                            return;
+                        }
+
+                        socket.send(input.value);
+                        input.value = "";
+                    },
+                    false
+                );
+
+                socket.onmessage = (event) => {
+                    const newNode = document.createElement("li");
+                    newNode.textContent = event.data;
+
+                    let firstChild = null;
+                    for (const n of logs.childNodes.values()) {
+                        if (n.nodeType == 1) {
+                            firstChild = n;
+                            break;
+                        }
+                    }
+
+                    if (firstChild) {
+                        logs.insertBefore(newNode, firstChild);
+                    } else {
+                        logs.appendChild(newNode);
+                    }
+                };
+
+                window.addEventListener("beforeunload", () => {
+                    socket.close();
+                });
+            }
+
+            if (document.readyState === "complete") {
+                onLoad();
+            } else {
+                document.addEventListener("DOMContentLoaded", onLoad, false);
+            }
+        </script>
+    </head>
+    <body>
+        <input id="chat-input" type="test" />
+        <ul id="chat-logs"></ul>
+    </body>
+</html>
--- a/actix-ws/examples/chat.rs
+++ b/actix-ws/examples/chat.rs
@ -0,0 +1,158 @@
+use std::{
+    io,
+    sync::Arc,
+    time::{Duration, Instant},
+};
+
+use actix_web::{
+    middleware::Logger, web, web::Html, App, HttpRequest, HttpResponse, HttpServer, Responder,
+};
+use actix_ws::{AggregatedMessage, Session};
+use bytestring::ByteString;
+use futures_util::{stream::FuturesUnordered, StreamExt as _};
+use tokio::sync::Mutex;
+use tracing::level_filters::LevelFilter;
+use tracing_subscriber::EnvFilter;
+
+#[derive(Clone)]
+struct Chat {
+    inner: Arc<Mutex<ChatInner>>,
+}
+
+struct ChatInner {
+    sessions: Vec<Session>,
+}
+
+impl Chat {
+    fn new() -> Self {
+        Chat {
+            inner: Arc::new(Mutex::new(ChatInner {
+                sessions: Vec::new(),
+            })),
+        }
+    }
+
+    async fn insert(&self, session: Session) {
+        self.inner.lock().await.sessions.push(session);
+    }
+
+    async fn send(&self, msg: impl Into<ByteString>) {
+        let msg = msg.into();
+
+        let mut inner = self.inner.lock().await;
+        let mut unordered = FuturesUnordered::new();
+
+        for mut session in inner.sessions.drain(..) {
+            let msg = msg.clone();
+
+            unordered.push(async move {
+                let res = session.text(msg).await;
+                res.map(|_| session)
+                    .map_err(|_| tracing::debug!("Dropping session"))
+            });
+        }
+
+        while let Some(res) = unordered.next().await {
+            if let Ok(session) = res {
+                inner.sessions.push(session);
+            }
+        }
+    }
+}
+
+async fn ws(
+    req: HttpRequest,
+    body: web::Payload,
+    chat: web::Data<Chat>,
+) -> Result<HttpResponse, actix_web::Error> {
+    let (response, mut session, stream) = actix_ws::handle(&req, body)?;
+
+    // increase the maximum allowed frame size to 128KiB and aggregate continuation frames
+    let mut stream = stream.max_frame_size(128 * 1024).aggregate_continuations();
+
+    chat.insert(session.clone()).await;
+    tracing::info!("Inserted session");
+
+    let alive = Arc::new(Mutex::new(Instant::now()));
+
+    let mut session2 = session.clone();
+    let alive2 = alive.clone();
+    actix_web::rt::spawn(async move {
+        let mut interval = actix_web::rt::time::interval(Duration::from_secs(5));
+
+        loop {
+            interval.tick().await;
+            if session2.ping(b"").await.is_err() {
+                break;
+            }
+
+            if Instant::now().duration_since(*alive2.lock().await) > Duration::from_secs(10) {
+                let _ = session2.close(None).await;
+                break;
+            }
+        }
+    });
+
+    actix_web::rt::spawn(async move {
+        while let Some(Ok(msg)) = stream.recv().await {
+            match msg {
+                AggregatedMessage::Ping(bytes) => {
+                    if session.pong(&bytes).await.is_err() {
+                        return;
+                    }
+                }
+
+                AggregatedMessage::Text(string) => {
+                    tracing::info!("Relaying text, {string}");
+                    chat.send(string).await;
+                }
+
+                AggregatedMessage::Close(reason) => {
+                    let _ = session.close(reason).await;
+                    tracing::info!("Got close, bailing");
+                    return;
+                }
+
+                AggregatedMessage::Pong(_) => {
+                    *alive.lock().await = Instant::now();
+                }
+
+                _ => (),
+            };
+        }
+        let _ = session.close(None).await;
+    });
+    tracing::info!("Spawned");
+
+    Ok(response)
+}
+
+async fn index() -> impl Responder {
+    Html::new(include_str!("chat.html").to_owned())
+}
+
+#[tokio::main(flavor = "current_thread")]
+async fn main() -> io::Result<()> {
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            EnvFilter::builder()
+                .with_default_directive(LevelFilter::INFO.into())
+                .from_env_lossy(),
+        )
+        .init();
+
+    let chat = Chat::new();
+
+    HttpServer::new(move || {
+        App::new()
+            .wrap(Logger::default())
+            .app_data(web::Data::new(chat.clone()))
+            .route("/", web::get().to(index))
+            .route("/ws", web::get().to(ws))
+    })
+    .bind("127.0.0.1:8080")?
+    .run()
+    .await?;
+
+    Ok(())
+}
--- a/actix-ws/src/aggregated.rs
+++ b/actix-ws/src/aggregated.rs
@ -0,0 +1,216 @@
+//! WebSocket stream for aggregating continuation frames.
+
+use std::{
+    future::poll_fn,
+    io, mem,
+    pin::Pin,
+    task::{ready, Context, Poll},
+};
+
+use actix_http::ws::{CloseReason, Item, Message, ProtocolError};
+use actix_web::web::{Bytes, BytesMut};
+use bytestring::ByteString;
+use futures_core::Stream;
+
+use crate::MessageStream;
+
+pub(crate) enum ContinuationKind {
+    Text,
+    Binary,
+}
+
+/// WebSocket message with any continuations aggregated together.
+#[derive(Debug, PartialEq, Eq)]
+pub enum AggregatedMessage {
+    /// Text message.
+    Text(ByteString),
+
+    /// Binary message.
+    Binary(Bytes),
+
+    /// Ping message.
+    Ping(Bytes),
+
+    /// Pong message.
+    Pong(Bytes),
+
+    /// Close message with optional reason.
+    Close(Option<CloseReason>),
+}
+
+/// Stream of messages from a WebSocket client, with continuations aggregated.
+pub struct AggregatedMessageStream {
+    stream: MessageStream,
+    current_size: usize,
+    max_size: usize,
+    continuations: Vec<Bytes>,
+    continuation_kind: ContinuationKind,
+}
+
+impl AggregatedMessageStream {
+    #[must_use]
+    pub(crate) fn new(stream: MessageStream) -> Self {
+        AggregatedMessageStream {
+            stream,
+            current_size: 0,
+            max_size: 1024 * 1024,
+            continuations: Vec::new(),
+            continuation_kind: ContinuationKind::Binary,
+        }
+    }
+
+    /// Sets the maximum allowed size for aggregated continuations, in bytes.
+    ///
+    /// By default, up to 1 MiB is allowed.
+    ///
+    /// ```no_run
+    /// # use actix_ws::AggregatedMessageStream;
+    /// # async fn test(stream: AggregatedMessageStream) {
+    /// // increase the allowed size from 1MB to 8MB
+    /// let mut stream = stream.max_continuation_size(8 * 1024 * 1024);
+    ///
+    /// while let Some(Ok(msg)) = stream.recv().await {
+    ///     // handle message
+    /// }
+    /// # }
+    /// ```
+    #[must_use]
+    pub fn max_continuation_size(mut self, max_size: usize) -> Self {
+        self.max_size = max_size;
+        self
+    }
+
+    /// Waits for the next item from the aggregated message stream.
+    ///
+    /// This is a convenience for calling the [`Stream`](Stream::poll_next()) implementation.
+    ///
+    /// ```no_run
+    /// # use actix_ws::AggregatedMessageStream;
+    /// # async fn test(mut stream: AggregatedMessageStream) {
+    /// while let Some(Ok(msg)) = stream.recv().await {
+    ///     // handle message
+    /// }
+    /// # }
+    /// ```
+    #[must_use]
+    pub async fn recv(&mut self) -> Option<<Self as Stream>::Item> {
+        poll_fn(|cx| Pin::new(&mut *self).poll_next(cx)).await
+    }
+}
+
+fn size_error() -> Poll<Option<Result<AggregatedMessage, ProtocolError>>> {
+    Poll::Ready(Some(Err(ProtocolError::Io(io::Error::other(
+        "Exceeded maximum continuation size",
+    )))))
+}
+
+impl Stream for AggregatedMessageStream {
+    type Item = Result<AggregatedMessage, ProtocolError>;
+
+    fn poll_next(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
+        let this = self.get_mut();
+
+        let Some(msg) = ready!(Pin::new(&mut this.stream).poll_next(cx)?) else {
+            return Poll::Ready(None);
+        };
+
+        match msg {
+            Message::Continuation(item) => match item {
+                Item::FirstText(bytes) => {
+                    this.continuation_kind = ContinuationKind::Text;
+                    this.current_size += bytes.len();
+
+                    if this.current_size > this.max_size {
+                        this.continuations.clear();
+                        return size_error();
+                    }
+
+                    this.continuations.push(bytes);
+
+                    Poll::Pending
+                }
+
+                Item::FirstBinary(bytes) => {
+                    this.continuation_kind = ContinuationKind::Binary;
+                    this.current_size += bytes.len();
+
+                    if this.current_size > this.max_size {
+                        this.continuations.clear();
+                        return size_error();
+                    }
+
+                    this.continuations.push(bytes);
+
+                    Poll::Pending
+                }
+
+                Item::Continue(bytes) => {
+                    this.current_size += bytes.len();
+
+                    if this.current_size > this.max_size {
+                        this.continuations.clear();
+                        return size_error();
+                    }
+
+                    this.continuations.push(bytes);
+
+                    Poll::Pending
+                }
+
+                Item::Last(bytes) => {
+                    this.current_size += bytes.len();
+
+                    if this.current_size > this.max_size {
+                        // reset current_size, as this is the last message for
+                        // the current continuation
+                        this.current_size = 0;
+                        this.continuations.clear();
+
+                        return size_error();
+                    }
+
+                    this.continuations.push(bytes);
+                    let bytes = collect(&mut this.continuations);
+
+                    this.current_size = 0;
+
+                    match this.continuation_kind {
+                        ContinuationKind::Text => {
+                            Poll::Ready(Some(match ByteString::try_from(bytes) {
+                                Ok(bytestring) => Ok(AggregatedMessage::Text(bytestring)),
+                                Err(err) => Err(ProtocolError::Io(io::Error::new(
+                                    io::ErrorKind::InvalidData,
+                                    err.to_string(),
+                                ))),
+                            }))
+                        }
+                        ContinuationKind::Binary => {
+                            Poll::Ready(Some(Ok(AggregatedMessage::Binary(bytes))))
+                        }
+                    }
+                }
+            },
+
+            Message::Text(text) => Poll::Ready(Some(Ok(AggregatedMessage::Text(text)))),
+            Message::Binary(binary) => Poll::Ready(Some(Ok(AggregatedMessage::Binary(binary)))),
+            Message::Ping(ping) => Poll::Ready(Some(Ok(AggregatedMessage::Ping(ping)))),
+            Message::Pong(pong) => Poll::Ready(Some(Ok(AggregatedMessage::Pong(pong)))),
+            Message::Close(close) => Poll::Ready(Some(Ok(AggregatedMessage::Close(close)))),
+
+            Message::Nop => unreachable!("MessageStream should not produce no-ops"),
+        }
+    }
+}
+
+fn collect(continuations: &mut Vec<Bytes>) -> Bytes {
+    let continuations = mem::take(continuations);
+    let total_len = continuations.iter().map(|b| b.len()).sum();
+
+    let mut buf = BytesMut::with_capacity(total_len);
+
+    for chunk in continuations {
+        buf.extend(chunk);
+    }
+
+    buf.freeze()
+}
--- a/Show More
+++ b/Show More