SEAPUNK / socketeer

yet another websocket framework
MIT License
3 stars 0 forks

Session resuming tokens++ #72

Open SEAPUNK opened 8 years ago

SEAPUNK commented 8 years ago

Session resuming tokens as of right now are basically random characters that you give to the client, which then later re-identifies with them.

Well, due to the nature of "random character tokens", the generation is potentially expensive and definitely stupid.

Since it acts like webapp browser session cookies work, I might end up actually using something along the lines of JWT for session generation and validation. It'll be simple, and it'll work. The only loop we'll have to use is the client ID creation loop.

SEAPUNK commented 8 years ago

I could use a simple HMAC. Then comes the question of whether I want to use UUIDs for IDs, or random bytes. Both seem to work relatively well, but the random bytes impl seems faster with Set/Map, and uses less memory.

SEAPUNK commented 8 years ago

Yeah, using UUIDs vs no UUIDs is a drastic change in performance and memory -- just using crypto's random bytes uses less than half of the memory used with UUIDs.
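
The HMAC idea from the comments above, sketched as an added Node.js example (not socketeer's code or its author's): client IDs come from `crypto.randomBytes` with a `Set` collision loop, and the resume token is the ID plus an expiry, signed with HMAC-SHA256 and checked in constant time. The token layout, the function names, the per-process key and the `activeIds` set are assumptions made for illustration.

```javascript
const { randomBytes, createHmac, timingSafeEqual } = require('crypto');

// Assumption: one signing key per server process; tokens die with the process.
const SECRET = randomBytes(32);
// Assumption: IDs of sessions the server still holds state for.
const activeIds = new Set();

// The only loop left: draw random IDs until one is not already in use.
function createClientId() {
  let id;
  do { id = randomBytes(16).toString('hex'); } while (activeIds.has(id));
  activeIds.add(id);
  return id;
}

function sign(payload, secret) {
  return createHmac('sha256', secret).update(payload).digest();
}

// Token layout (hypothetical): "<id>.<expiry in ms>.<hex HMAC of id.expiry>"
function issueToken(id, ttlMs, now = Date.now(), secret = SECRET) {
  const payload = `${id}.${now + ttlMs}`;
  return `${payload}.${sign(payload, secret).toString('hex')}`;
}

// Returns the client ID when the token is authentic, unexpired and the
// session still exists; returns null for anything else.
function verifyToken(token, now = Date.now(), secret = SECRET) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [id, expiry, mac] = parts;
  const expected = sign(`${id}.${expiry}`, secret);
  const given = Buffer.from(mac, 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!timingSafeEqual(given, expected)) return null;
  // Only trust the expiry after the MAC has been verified.
  if (!/^\d+$/.test(expiry) || Number(expiry) <= now) return null;
  return activeIds.has(id) ? id : null;
}
```

Validation is a single HMAC computation with no token lookup table; the server only needs to remember which session IDs are still alive.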