Nice thing of using sessions is that you mark cookies as HttpOnly and you avoid them ever being leakable by crosssite scripting. And you get them transparently in your JS -> backend calls.
Of course downside is that once you move to multiserver you have to think of setting up sticky loadbalancing or distributed sessions.
Of course downside is that once you move to multiserver you have to think of setting up sticky loadbalancing or distributed sessions.