Most of the time these kind of things are just limited by setting a cookie, or something in local or session storage and checked on load.
More advanced access systems may create a fingerprint of the machine by creating a hash of the IP address and machine specifications and make an API call upon load.