I'm not sure about differentiating between client1 and client2 within the Arduino code, but the W5100 somehow does it internally. I know this because I have had two persistent telnet connections onto my Arduino's ethernet port at the same time, and there is no 'crosstalk' or confusion between them. When client1 sends some data over and the arduino responds, the arduino's response goes to client1 and client2 is never involved at all. And the same if client2 is active and client1 is idle. (You couldn't get concurrent activity as the Arduino can't multithread, so if they both tried to be active at once one of them would get served first and the other would be buffered then served second.)
I've dug into this while tracking down another bug and what I find is that when server.available() returns a client, the information returned is the connection number. You could probably track that information, eg. if client1 is on port 0 then you could keep track of whether or not port0 has passed some sort of authorization before accepting commands. You just have to ensure you clear the authorization flag when the client on port0 has logged off. And since the W5100 is limited to 4 connections, you really only have to worry about a maximum of 4 authorization flags, so it shouldn't take a lot of memory to monitor that.
You can read through the various files in the Ethernet library to see how it all comes together.