The session variable is carried over between tabs. The session information is stored on the server, and lasts until the user closes their browser. So you'd really only have to worry about that if the user opened up a second browser all together, or if they restarted the current one.
Either way though, it's still good practice to check with the DB. I would just check to see if the user has access to that task when they log in. If they do, and they haven't yet performed that task today (according to the info you got from the DB when they logged in) echo/print the button, if not, skip that part.
Now since a user can still request a page using GET/POST whether or not you provide the form functions to do so, you'll still want to check again on the page that processes the task. You can probably do it all in the UPDATE or INSERT SQL in one go.
UPDATE task_table SET new_info_column = 'new info' WHERE $user_id IN (SELECT user_id FROM allow_users) AND DATE(task_last_performed_timestamp) != CURDATE()
That SQL won't work as is, and I'm not even sure it's the best solution, but it can give you an idea as to how you may go about doing the update and authorization in one call to the DB.