In a single page app, all of the decisions about what view/subview to render occurs on the client and ideally does not require a trip back to the server. client.  This means that ideally the client would be able to authenticate the currently logged in user on transitions to sensitive pages  and access its data without going back to the server. This blog post summarizes my attempts at adding an additional layer of security to my locally stored authentication information.