Comment 4 for bug 1331406

This isn't a bug with Keystone, it was raised by keystone changing the token format to not match the is_asn1_token check. Because this check failed the length of the token id exceeded the key size limitation for the session. The fix is to not check if the token is ASN1 before hashing, but to hash if the token length is > maximuma llowable size.