Allow subclasses to override how the token is generated.

[mfn]

Using uniqid() in high frequency environments can pose a problem because the entropy isn't very high. It didn't took my long with a few processes and low ttls to encounter duplicate values returned from uniqid() in different processes.

One optimization could be to use the second parameter for high entropy, e.g. uniqid("", true); but instead of hardcoding it, I felt the flexibility of being able to override how it is generated better serves the community.