

Ask HN: How does HN's auth system work? - sktrdie

The only cookie saved for Hacker News is the "user" cookie, which supposedly is a token that refers to my user in HN's database. The only time this token is regenerated is when I log out; I'm not even sure it expires on the server. I wanted to ask, how is this token generated? Just randomly? Is there a best practice for generating this sort of token? Is it even called a "token"?
======
kungfooguru
Not the method I use, but people may trust this method simply since it's what
Rails uses:

* session_id is a 32 hex character MD5 hash based upon time, random number and constant string.
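
Added example, not part of the thread and not HN's or Rails' code: a sketch of the token lifecycle the question asks about, with a 32-hex-character token drawn directly from the OS CSPRNG rather than hashed from time and a constant, a server-side expiry, and invalidation on logout. `SessionStore`, `SESSION_TTL` and the 30-day lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 30 * 24 * 3600  # assumed server-side lifetime (30 days), not HN's value


class SessionStore:
    """In-memory stand-in for a sessions table (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._rows = {}       # sha256(token) -> (username, expires_at)
        self._clock = clock   # injectable so expiry can be exercised in tests

    @staticmethod
    def _digest(token):
        # Only a hash of the token is stored, so a leaked table
        # does not hand out cookies that can be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username):
        # 16 bytes from the OS CSPRNG -> 32 hex characters, 128 bits of entropy.
        token = secrets.token_hex(16)
        self._rows[self._digest(token)] = (username, self._clock() + SESSION_TTL)
        return token          # this is the value placed in the "user" cookie

    def lookup(self, token):
        key = self._digest(token)
        row = self._rows.get(key)
        if row is None:
            return None       # unknown, forged or already revoked token
        username, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[key]   # expired on the server, whatever the cookie says
            return None
        return username

    def logout(self, token):
        # Revoke server-side; the next login issues a fresh token.
        self._rows.pop(self._digest(token), None)
```
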

