Establishing control in any Ajax interaction is not a black and white process. Control can either be server-side, or use a mix of server-side and client-side controllers.
Client + Server-Side Control: In this structure, one may use allocate all presentation related control to JavaScript on the client side. This includes manipulating pages, rendering data, processing events, etc. The server-side, meanwhile, handles things such as updating model data and delivering it to the client. This is a more secure architecture as the server does not have in-depth knowledge of data being presented on the client-side.
Central Server-Side Control: In this architecture, control stays with the server-side which pushes updates to the client DOM through JavaScript. It is important to ensure that the server-side stays in sync with the client side when using this control method.