asp.net mvc - Most secured way to persist data in ASP MVC -

i'm using asp mvc application + wcf service custom session behavior implementation. clients receive, store , use (for authorization) session tokens. i'm searching secured way store session token @ client side in asp mvc.

i see few ways:

1. hidden field. drawback: user can open page source code , token.
2. route value. drawback: token open. user can address bar.
3. session. i've read lot articles 1 conclusion: using session in mvc application bad practice. session have lot advantages well: can configured, can store token @ server side, etc.

i'm sure there best practices solving problem. appreciated.

require https connections, encrypt secure data, place in cookie.

you pass token around site, encrypted of course via hidden field or scenario cookies made do.

my bank sets cookie, should enough doing.