Session token entropy

I’m filling the owasp asvs checklist

one of the checks is this
verify that session tokens possess at least 64 bits of entropy.

since I’m using the SS credential provider, I would like to know if the generated session token has at least 64 bits of entropy



It uses 15 bytes populated by a secure number generator, so 120bits of entropy.