Use random alphabetic string instead hex bytes for session tokens.

src/Auth/Sessions.php

@@ -3,6 +3,7 @@ namespace Misuzu\Auth;
 
 use InvalidArgumentException;
 use RuntimeException;
+use Index\XString;
 use Index\Data\DbStatementCache;
 use Index\Data\DbTools;
 use Index\Data\IDbConnection;
@@ -20,9 +21,8 @@ class Sessions {
         $this->cache = new DbStatementCache($dbConn);
     }
 
-    // would like to un-hex this but need to make sure AuthToken doesn't have an aneurysm over it
     public static function generateToken(): string {
-        return bin2hex(random_bytes(32));
+        return XString::random(64);
     }
 
     public function countSessions(

src/AuthToken.php

@@ -6,6 +6,13 @@ use Index\Serialisation\UriBase64;
 use Misuzu\Auth\SessionInfo;
 use Misuzu\Users\User;
 
+/* Map of props
+ * u - User ID
+ * s - Plaintext token string
+ * t - Old hex token string, fallback for s
+ * i - Impersonation User ID
+ */
+
 class AuthToken {
     private const EPOCH = 1682985600;
 
@@ -57,12 +64,16 @@ class AuthToken {
     }
 
     public function getSessionToken(): string {
-        if(!$this->hasProperty('t'))
-            return '';
-        return bin2hex($this->getProperty('t'));
+        if($this->hasProperty('s'))
+            return $this->getProperty('s');
+
+        if($this->hasProperty('t'))
+            return bin2hex($this->getProperty('t'));
+
+        return '';
     }
     public function setSessionToken(string $token): self {
-        $this->setProperty('t', hex2bin($token));
+        $this->setProperty('s', $token);
         return $this;
     }
 
@@ -120,7 +131,7 @@ class AuthToken {
             $data = unpack('Nuser/H*token', $data);
 
             $obj->props['u'] = (string)$data['user'];
-            $obj->props['t'] = hex2bin($data['token']);
+            $obj->props['s'] = $data['token'];
             $obj->updateTimestamp();
         } elseif($version === 2) {
             $timestamp = substr($data, 0, 4);