Ajax based web app and authentication: session or token?
I'm building a web app using rails for serving json and a JS framework on the client side.
For handling login I've discovered two ways:
- use an authentication token and append it to each ajax request and then in the backend use it to authenticate the user
- use sessions and cookies since they are automatically ppended to each ajax request
the second option seems more simple but there are reasons to use the first one?
P.S I'm using devise for the authntication
Typically you would create a cookie/session in order to keep a user signed in after revisiting your site.