This question has been addressed, in a slightly different form, at length, here: RESTful Authentication.

But this addresses it from the server-side. Let's look at this from the client-side. Before we do that, though, there's an important prelude:

Javascript Crypto is Hopeless

Matasano's article on this is famous, but the lessons contained therein are pretty important: https://www.nccgroup.trust/us/