The following snippet of code is in php but I've seen developers of other web programming languages hash random numbers.
if ($loginValid=='yes') {
$token = sha256(generateRandomNumber());
$_SESSION["token"] = $token;
$_SESSION["userid"] = $id;
setcookie("authenticationtoken", $token, ...)
}
sha256 is a cryptographic hash function. Since it does not use a salt, whatever input you give it, the same output comes out. Try it out:
http://www.xorbin.com/tools/sha256-hash-calculator
In what context is hashing (without using a salt) a random number considered good practice?