Auth Service - adam-hanna/sessions GitHub Wiki

The default hashing strategy is HMAC with SHA-512. SessionID's are hashed and then the hashed byte slice is appended to the sessionID byte slice. Finally, this appended slice is base64 encoded. This base64 encoded byte slice is then stringified, and this resultant string is the session token that is sent and received from clients.