I'm currently working on a project where I use AngularJS for the frontend and PHP / MySQL for the backend as a kind of API to feed the main application with database data. But as I explained earlier, I have always used sessions to handle the login, my question is: What is the best option to make this login and keep logged in? Should I always send the user data and password to API? To remain authenticated? Should I use some kind of token with expiration time? But in the case of a browser (web application) where would I store this token? So I still would use sessions?
Anyway, I do not know if I said something silly, if so, please correct me.