The frontend should inform the user (that the "price lock" time has expired) and refresh the price automatically. Then when they click submit there should always be a non-expired token. You should also be storing details of these tokens server-side so you can validate that it's not been tampered with (if someone gets the private key. They can submit orders for any price?)