What about something like this:
on the client:
- at startup (on page load) the client generates a UUID (probably a UTC timestamp would fit)
- when sending commands to the machine the client includes the UUID info
- in case the client wants to keep the machine "locked" it periodically sends a null command with the UUID
on the server:
- at startup your app sets the machine "unlocked"
- on request of information your app always replies
- on commands your app checks if the machine is "unlocked"
  - when the machine is "unlocked" then:
    - set the machine "locked"
    - save the UUID
    - save the system time
  - when the machine is "locked" then
    - check the UUID,
      + UUID == saved_UUID then the app updates the system time and executes the command
      + UUID != saved_UUID check how much time passed since last system time saved
        + (currentTime - savedTime) < TIMEOUT then the app refuses the command because the machine is "locked" by UUID
        + (currentTime - savedTime) > TIMEOUT then the app assumes the machine is "unlocked"
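
The server-side check from this post, sketched as an added example (not code from the original poster). The `MachineLock` class, the 30-second `TIMEOUT`, the injectable clock and the random `uuid4` token used in place of a timestamp are assumptions; a random token keeps two clients that load in the same instant from sharing an ID.

```python
import hmac
import time
import uuid

TIMEOUT = 30.0  # seconds; assumed value, the post leaves TIMEOUT open


def new_client_token():
    """Client side, once per page load (assumption: random uuid4, not a timestamp)."""
    return str(uuid.uuid4())


class MachineLock:
    """Server-side state: the holder's token and the time it was last seen."""

    def __init__(self, timeout=TIMEOUT, clock=time.monotonic):
        self.timeout = timeout
        self.clock = clock      # injectable so the timeout can be exercised in tests
        self.holder = None      # None means "unlocked", the state at startup
        self.last_seen = 0.0

    def handle_command(self, token, command=None):
        """Return (accepted, reason); command=None is the keep-alive null command."""
        now = self.clock()
        if self.holder is None:
            self.holder, self.last_seen = token, now
            return True, "lock acquired"
        # Constant-time compare: the token is effectively the lock's credential.
        if hmac.compare_digest(self.holder.encode(), token.encode()):
            self.last_seen = now
            return True, "lock renewed"
        if now - self.last_seen < self.timeout:
            return False, "locked by another client"
        # Holder has been silent for the whole timeout (== TIMEOUT is treated as
        # expired here, an assumption): the machine counts as unlocked again.
        self.holder, self.last_seen = token, now
        return True, "stale lock taken over"


def demo():
    """Constructed timeline for two clients A and B with a fake clock."""
    now = [0.0]
    lock = MachineLock(timeout=30.0, clock=lambda: now[0])
    a, b = new_client_token(), new_client_token()
    steps = [(0, a, "start"), (10, b, "stop"), (25, a, None),
             (50, b, "stop"), (56, b, "stop"), (56, a, "start")]
    accepted = []
    for t, token, command in steps:
        now[0] = float(t)
        accepted.append(lock.handle_command(token, command)[0])
    return accepted
```

In the timeline, A's keep-alive at t=25 is what makes B's attempt at t=50 fail; B only gets the machine at t=56, after which A's commands are refused in turn.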