The /session API now generates a unique, randomly-generated token

instead of returning the user's credentials in the HTTP Basic Auth

format (i.e., base64-encoded username:password).
Since these tokens are randomly generated instead of deterministic, we

store them in a JSON-encoded (for simplicity of

marshalling/unmarshalling) file whose location is specified in

config.json.

Ran go fmt ./....

Ran go test ./....
Created a new session and stopped the server. Observed token in tokens.dat file.
Restarted server and authenticated to protected endpoint with token; was granted access.