How to enforce Rate Limiter across page refresh?


I am trying to use the rate limiter to enforce a max 6 login attempts per 5 minutes.
I changed the default rule, and it works, except that when refreshing the page the limits are resets.
Is it possible to make the rate limit survive a page refresh?
clientAddress seems to be possible too, but for big organization it’s a problem since more than 6 people (using the same IP) could login in that window.
Is there a way to make the connectionId persist across refreshes?

            userId: null,
            clientAddress: ip => true,
            type: 'method',
            name: 'login',
            connectionId: connectionId => true,
        }, 5, 6000);