October 06, 2017
.. because you probably have two use cases:
You can use a whitelist to define which token is active, or a blacklist where you store tokens you wont allow. In both cases you have to save the token and look it up in your database anyway. That said, you can use a plain old random strings to look up valid sessions (and eventually the user) in the DB.
Personal stuff esp. when a tweet is too short..
You can find me on Twitter → @tam_mo