by _sdegutis 2843 days ago
It is a random string, I just created it with uuid(). Nothing was ever verified. Is minting tokens an official term that has to do with JWT? I thought it was just short-hand for the process I just described.
1 comments

Minting tokens specifically refers to JWT-like constructions AKA "[probably-RSA-]signed cookies".

Generating a sufficiently (16-32 bytes) long string of randomness and using just that as a session ID stored in a database is a perfectly fine technique, scales well enough and is quite hard to get wrong.
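The technique described in the reply above, as an added example that is not part of the thread: a 32-byte session ID drawn from the OS CSPRNG and looked up in a database. The SQLite table layout, the one-hour lifetime, and storing only a SHA-256 hash of the ID are assumptions made for this sketch.

```python
import hashlib
import secrets
import sqlite3
import time

SESSION_TTL = 3600  # seconds; assumed lifetime, not stated in the thread


def open_store(path=":memory:"):
    # Assumed schema: one row per live session, keyed by the hash of the ID.
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS sessions ("
        "id_hash TEXT PRIMARY KEY, user_id TEXT NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def _digest(session_id):
    # Only the hash is stored, so a leaked table does not yield usable IDs.
    return hashlib.sha256(session_id.encode("utf-8", "replace")).hexdigest()


def create_session(db, user_id, now=None):
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe text
    db.execute(
        "INSERT INTO sessions VALUES (?, ?, ?)",
        (_digest(session_id), user_id, now + SESSION_TTL),
    )
    db.commit()
    return session_id  # sent to the client; the server keeps only the hash


def lookup_session(db, session_id, now=None):
    # Returns the user ID for a live session, or None if unknown or expired.
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT user_id, expires_at FROM sessions WHERE id_hash = ?",
        (_digest(session_id),),
    ).fetchone()
    if row is None or row[1] <= now:
        return None
    return row[0]


def revoke_session(db, session_id):
    # Logout is a row delete; there is no signature or key to manage.
    db.execute("DELETE FROM sessions WHERE id_hash = ?", (_digest(session_id),))
    db.commit()
```
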