Ah, I didn't even think to switch to the memcache driver in either of my tests... I used the default config in both cases. So the above reflects the KVS driver in grizzly, and the SQL driver in master.
This is going to be a mess to clean up... but, I'm now thinking we should handle both variations in auth_token as an immediate security fix, and then work out exactly which drivers in which branches are producing hashes before changing any of them.
Ah, I didn't even think to switch to the memcache driver in either of my tests... I used the default config in both cases. So the above reflects the KVS driver in grizzly, and the SQL driver in master.
This is going to be a mess to clean up... but, I'm now thinking we should handle both variations in auth_token as an immediate security fix, and then work out exactly which drivers in which branches are producing hashes before changing any of them.