Monday, 2 September 2013

How do you prevent session hopping using ASP.Net MVC Web API?

Creating an angularjs single page application trying to use a RESTful API and I came across a problem that I can't seem to find an answer for. I was trying to prevent session hopping: one user logged in, watching the requests, figures out his account ID is 13. So he performs the same request but this time alters the request to get info for account ID 14.

So after the user logged in I was setting a session variable to his account ID and was going to strip the account ID out of the ajax requests. I then tried to access the Session from a class inheriting from ApiController. After looking around I realize that storing session information is not very RESTful.

So how would I go about ensuring that one account cannot access another account's information just because they watched the ajax requests and figured out how to manipulate the ajax request?

Is RESTful not meant to be used with users that need to be authenticated and authorized? I was thinking of maybe hashing the IDs or something but I am not sure that is the right approach.
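The problem described above (a logged-in user changing the account ID in a request to read another account) is an authorization check that is missing on the server, and it can be fixed without session state by deriving the account from the authenticated identity. The following is an added example, not code from the original post: it shows an ASP.NET Web API controller that trusts the ID in the URL beside one that reads the ID from the authenticated `ClaimsPrincipal` and checks ownership. It assumes the login already produces a `ClaimsPrincipal` carrying a hypothetical `AccountId` claim, and a hypothetical `IAccountRepository`; both names are assumptions.

```csharp
// Added example (not from the original post). Assumes ASP.NET Web API with
// an authentication mechanism that yields a ClaimsPrincipal carrying a
// hypothetical "AccountId" claim, and a hypothetical IAccountRepository.
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;

public class Account
{
    public int Id { get; set; }
    public string Name { get; set; }
}

// Hypothetical data access abstraction; returns null when no such account exists.
public interface IAccountRepository
{
    Account GetAccount(int accountId);
}

// BEFORE: the caller chooses which account to read. Changing 13 to 14 in the
// URL returns someone else's data because nothing ties the ID to the identity.
[Authorize]
public class InsecureAccountController : ApiController
{
    private readonly IAccountRepository _accounts;
    public InsecureAccountController(IAccountRepository accounts) { _accounts = accounts; }

    // GET api/insecureaccount/13
    public HttpResponseMessage Get(int id)
    {
        return Request.CreateResponse(HttpStatusCode.OK, _accounts.GetAccount(id));
    }
}

// AFTER: the account is resolved from the principal the server established at
// login, never from client-supplied data alone. No server-side session needed.
[Authorize]
public class AccountController : ApiController
{
    private const string AccountIdClaim = "AccountId"; // assumed claim type name
    private readonly IAccountRepository _accounts;
    public AccountController(IAccountRepository accounts) { _accounts = accounts; }

    // Reads the caller's own account ID from the authenticated principal.
    private bool TryGetOwnAccountId(out int accountId)
    {
        accountId = 0;
        var principal = User as ClaimsPrincipal;
        var claim = principal == null ? null : principal.FindFirst(AccountIdClaim);
        return claim != null && int.TryParse(claim.Value, out accountId);
    }

    // GET api/account  (no ID in the route: "my account" is implied by the login)
    public HttpResponseMessage Get()
    {
        int ownId;
        if (!TryGetOwnAccountId(out ownId))
            return Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No account claim.");

        var account = _accounts.GetAccount(ownId);
        if (account == null)
            return Request.CreateErrorResponse(HttpStatusCode.NotFound, "Account not found.");
        return Request.CreateResponse(HttpStatusCode.OK, account);
    }

    // GET api/account/13  If the ID must stay in the URL, compare it to the
    // identity before touching data; a mismatch is a 403, not a lookup.
    public HttpResponseMessage Get(int id)
    {
        int ownId;
        if (!TryGetOwnAccountId(out ownId) || ownId != id)
            return Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Not your account.");

        var account = _accounts.GetAccount(id);
        if (account == null)
            return Request.CreateErrorResponse(HttpStatusCode.NotFound, "Account not found.");
        return Request.CreateResponse(HttpStatusCode.OK, account);
    }
}
```

The ownership check is the part that matters: hashing or otherwise obscuring the IDs in the URL only makes them harder to guess, while the server still has to decide, per request, whether the authenticated identity is allowed to see the resource it names. Logging the 403 responses from the second action also gives a cheap signal that someone is probing other accounts' IDs.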
