I'm building a Login Service for an open source MMO game. I do not know much on the side of security/encryption and I am looking for a solution that will provide good protection against hackers and must not be too costly to generate.
Our old system used a very simple system of authentication by storing the password as SHA1 in the database. For our new service we want to authenticate this through an auth token that is generate when the user logs in for the first time and is valid throughout the session. Would a simple randomly generated string suffice for this or should I be looking at something more complicated to keep it secure?