aiohttp-security/docs/usage.rst

identity is a string shared between browser and server.
Thus it should not be database primary key etc.
Random string like uuid or hash is better choice.
More docs 2015-10-29 08:31:24 +00:00			`identity is a string shared between browser and server.`
			`Thus it should not be database primary key etc.`
			`Random string like uuid or hash is better choice.`