(id: string)
| 121 | // ── Cookie signing ──────────────────────────────────────────────────────── |
| 122 | |
| 123 | sign(id: string): string { |
| 124 | const hmac = createHmac("sha256", this.key); |
| 125 | hmac.update(id); |
| 126 | return `${id}.${hmac.digest("base64url")}`; |
| 127 | } |
| 128 | |
| 129 | /** |
| 130 | * Verifies the HMAC and returns the raw session ID, or null on failure. |