Concurrency handling in rate limit API design

Rate Limit API design suggests to keep API+Client as ley and value as List of timestamps and its counter in the Reddis cache and updating the cache for each call.
How can this handle concurrency, that same client is trying to access some API concurrently, and both the requests lookup cache and work on their own copy of the reddis copy and updates the cache, which means one is unaware that other client is updating and ultimately cache has invalid data and thus grants access to the client violating the rate limiter.
This means a client can send 100 requests at the same time and pass the ratelimitter, although his limit is 2/sec.