- [ ] Don't reseed RNG on every token generation - [ ] Put session token size in a constant somewhere (currently hardcoded at generation and DB column string length) - [ ] Make wrapper type for session token (similar to `Name`) instead of using `String` directly - [ ] Put a prefix on the session cookie that lets us tell what version it is?
Name) instead of usingStringdirectly