Adding info where login attempts are stored

ThomasLandauer · web-flow · commit 4551ea2722fd · 2022-08-09T23:12:37.000+02:00
diff --git a/security.rst b/security.rst
@@ -1470,6 +1470,10 @@ You must enable this using the ``login_throttling`` setting:
 
     The ``login_throttling.interval`` option was introduced in Symfony 5.3.
 
+Internally, Symfony uses the :doc:`Rate Limiter component </rate_limiter>`
+which by default uses Symfony's cache to store the previous login attempts.
+However, you can implement a custom storage.
+
 By default, login attempts are limited on ``max_attempts`` (default: 5)
 failed requests for ``IP address + username`` and ``5 * max_attempts``
 failed requests for ``IP address``. The second limit protects against an
