identity is a string shared between browser and server.
Thus it should not be database primary key etc.
Random string like uuid or hash is better choice.