Web server sends encrypted authentication cookie back to web page and all further requests from that page send that cookie back to server.
So it looks like this:
// initial page request
client -> server: give me the page
server -> client: no cookie, you are anonymous, here is your page
// ajax authentication request
client -> server: here are my credentials
server -> client: ok, you are in, here is the authentication cookie
// any other request
client -> server: i want to do something, and here is the cookie
server: [decrypts cookie] i know this guy