The only way to avoid the user to reset or cheat the countdown is to implement it in the server side.
The issue is to have some way to identify the user, so he cannot just reset the cache, cookie or equivalent. There is not a general solution for that, but usually, problems which require countdown have related identification.
As an example, in the past I implemented a solution like that for user login: when the password is wrong, he cannot re-enter a new password for a while. In this case, the identification is clear: the user login.
Of course, if security is not a big issue, there are plenty of simpler solutions: timers, cookies, etc.
The solution
On any Operation-try from the user, perform:
- Check in the database, if any user already tried a short time ago with the same identification (login?)
- If yes, just return the error message.
- If not, perform the operation
- Save the new try with a time-stamp in the database, so a new try is not possible until the specified time has passed..