The following snippet of code is in php but I've seen developers of other web programming languages hash random numbers.
if ($loginValid=='yes') {
$token = sha256(generateRandomNumber());
$_SESSION["token"] = $token;
$_SESSION["userid"] = $id;
setcookie("authenticationtoken", $token, ...)
}
sha256 is a cryptographic hash function. Since it does not use a salt, whatever input you give it, the same output comes out. Try it out:
http://www.xorbin.com/tools/sha256-hash-calculator
In what context is hashing (without using a salt) a random number considered good practice?
My guess is that it's just a simple way of getting a hash of a known size, independently of the size that generateRandomNumber() returns. Obviously if generateRandomNumber() has a small range, that will be reflected in the number of distinct hashes returned too.
Assuming that GenerateRandomNumber does not have a random seed, i.e it is a truly cryptographically secure random number, a salt won't be required. Remember that the purpose of a salt is to ensure that if the same input is used to a hash function, it will return two different results.
If token simply needs to be a secret that is passed to the client, then salting this hash won't really help.
For reference, you would use a salt on a password hash. Rather than storing the user password, you store its hash so that if you database is penetrated no one can steal a user's password. However, you do not want people who use the same password to get the same hash, so you add a salt to the password before it is hashed to ensure that even if two users have the same password, they should get a different hash.