I'm developing a web application, which has a HTML5 and Javascript based front end and the back end is developed with ASP.NET WebAPI. These two layers communicate with each other using Ajax calls and JSON.
Since the front end and back end are developed in a completely disconnected manner, I want to know if there's any particular best practice to handle the sessions/user state? How this differ from session handling in ASP.NET applications?
I assume this is much related to authentication as well. Have a look at the answer I have given to the following question. It describes a way to manage authentication with full JS front end.
BoilerplateJS: recommended way to handle authorization and authentication
On sessions, there is no much difference from ASP.NET applications. In ASP.NET AJAX applications, at runtime what you have on browser is just plain JS and HTML. The only difference is that most of HTML is rendered by server processing in ASP.NET where as in pure JS client model, rendering happens on client side.
