Forum Moderators: coopster & phranque


Session ID

How to generate a good one


Dabrowski

12:08 am on Dec 18, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

ok, how do you guys generate a decent session ID?

I've previously just used the output from time(), but this site is quite busy and has potential for this method to fail.

phranque

4:59 am on Dec 18, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

you could add a sequence number after the time-based number to give some additional uniqueness to play with.
if you are getting less than 100 sessions/second you could use a 2 decimal digit sequence number.
or a 2 hex digit sequence number would give you 256 uniques/second.

perl_diver

5:11 am on Dec 18, 2007 (gmt 0)

10+ Year Member

for random session IDs using Perl:

MD5::Disgest

phranque

6:23 am on Dec 18, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

better to try Digest::MD5 [search.cpan.org]

rocknbil

11:14 am on Dec 18, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

A simple method is to get the system process ID, time, and the user's remote address and build something from that.

$id = $$ . $ENV{'REMOTE_ADDR'} . time;
$id =~ s/\.|\-//g;

(that is a vertical pipe there, a class will work as well, e.g. [\.\-]+)

I prefer to do this rather than include another whole library for such a simple task.

$PROCESS_ID, $PID, $$ [search.cpan.org...]
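An added example, not code from this thread: it builds the id exactly as the post above does and then counts how many guesses someone needs to reproduce it when they know the client's address and roughly when the login happened. The pid, address and timestamp are constructed sample values, and the pid ceiling of 32768 is the classic Linux default, both assumptions rather than anything the post states.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: measure how few guesses the
# "$$ . $ENV{'REMOTE_ADDR'} . time" construction leaves for someone who
# knows the client's address and roughly when the session was created.
use strict;
use warnings;

# The construction from the post above, with "." and "-" stripped.
sub build_id {
    my ($pid, $ip, $t) = @_;
    my $id = $pid . $ip . $t;
    $id =~ s/[.\-]+//g;
    return $id;
}

# Enumerate every id the scheme can yield for a known address, any pid up
# to $max_pid and any second within +/- $window of $approx_time. Returns
# the number of candidates tried and the (pid, time) that matched, if any.
sub enumerate {
    my ($target, $ip, $approx_time, $window, $max_pid) = @_;
    my $tried = 0;
    for my $t ($approx_time - $window .. $approx_time + $window) {
        for my $pid (1 .. $max_pid) {
            $tried++;
            return ($tried, $pid, $t) if build_id($pid, $ip, $t) eq $target;
        }
    }
    return ($tried);
}

# Constructed sample: a session issued by pid 4711 to 198.51.100.23 at
# 2007-12-18 11:14:00 GMT (the timestamp of the post this follows).
my $victim_ip = '198.51.100.23';
my $victim_t  = 1197976440;
my $target    = build_id(4711, $victim_ip, $victim_t);

# The guesser knows only the address and the minute of the login, so the
# search is every pid up to 32768 (assumed pid ceiling) for +/- 60 seconds.
my ($tried, $pid, $t) = enumerate($target, $victim_ip, $victim_t + 17, 60, 32768);
if (defined $pid) {
    printf "recovered pid=%d time=%d after %d guesses (about %.1f bits)\n",
        $pid, $t, $tried, log($tried) / log(2);
} else {
    print "no match within $tried guesses\n";
}
```

Run it with `perl` and the match turns up after roughly 1.4 million guesses, about 20 bits of work, and that is the generous case: on a prefork web server the pids of the serving children sit in a narrow band, and the address is the client's own, so the only thing the id hides from the person it was issued to is the pid of the worker that handled them.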

perl_diver

5:06 pm on Dec 18, 2007 (gmt 0)

10+ Year Member

better to try Digest::MD5

oops, thank you for correcting my post.

Dabrowski

11:31 pm on Dec 20, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Thanks phranque and rocknbil, here's what I've got....

Time + IP + 2 digit random number

Then, 'cos I don't like to see my IP in cookies/session headers and things..... (and a little 'cos I was bored)....

Convert each digit (0-9) into 4-bit binary, and stuff them into 32-bit ints.

Output the ints as %010u, creating a reverse-engineerable 30 character string that has no obvious bearing on the original.

[edit] I added an XOR to it as it made a more convincing looking number - not so many 0's [/edit]

[edited by: Dabrowski at 11:38 pm (utc) on Dec. 20, 2007]
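An added example, not Dabrowski's code: it implements the packing described above (24 decimal digits, 10 of time, 12 of zero-padded IP, 2 random, packed as nibbles into three 32-bit ints printed as %010u) together with its inverse, so the "reverse-engineerable" part is visible, and then shows the kernel-CSPRNG id a practitioner would issue instead. The XOR key, the client address, the timestamp and the two random digits are assumptions; the post gives none of them.

```perl
#!/usr/bin/perl
# Added example, not the poster's code: the nibble packing above is an
# encoding, not secrecy, so the id still carries the address and the time.
# The XOR key is an assumption; the post does not give one.
use strict;
use warnings;

my $XOR_KEY = 0x5A5A5A5A;   # assumed; any fixed key is equally reversible

# Pack 24 decimal digits (10 of time, 12 of zero-padded IP, 2 random) as
# 4-bit nibbles into three 32-bit ints, XOR each, print as %010u: 30 chars.
sub obfuscate {
    my ($digits) = @_;
    die "need 24 digits" unless $digits =~ /^\d{24}$/;
    my @words;
    for my $i (0 .. 2) {
        my $w = 0;
        $w = ($w << 4) | $_ for split //, substr($digits, $i * 8, 8);
        push @words, ($w ^ $XOR_KEY) & 0xFFFFFFFF;
    }
    return join '', map { sprintf '%010u', $_ } @words;
}

# The inverse: whoever has the key (or recovers it by XORing an id they
# were issued with its known plaintext) gets the 24 digits back.
sub deobfuscate {
    my ($id) = @_;
    die "need 30 digits" unless $id =~ /^\d{30}$/;
    my $digits = '';
    for my $i (0 .. 2) {
        my $w = (0 + substr($id, $i * 10, 10)) ^ $XOR_KEY;
        $digits .= ($w >> ($_ * 4)) & 0xF for reverse 0 .. 7;
    }
    return $digits;
}

# What the id should be built from instead: 16 bytes from the kernel CSPRNG,
# hex encoded. That is 128 bits an outsider cannot narrow down, against the
# two random digits (under 7 bits) once address and time are known.
sub secure_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $bytes, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return unpack 'H*', $bytes;
}

# Constructed sample: 198.51.100.23 logging in at 2007-12-20 23:31:00 GMT
# (the post's timestamp) with random digits 42.
my ($ip, $t, $r) = ('198.51.100.23', 1198193460, 42);
my $digits = sprintf '%010d%s%02d', $t,
    join('', map { sprintf '%03d', $_ } split /\./, $ip), $r;

my $id   = obfuscate($digits);
my $back = deobfuscate($id);
my @oct  = substr($back, 10, 12) =~ /(\d{3})/g;
printf "obfuscated id : %s\n", $id;
printf "recovered     : time=%d ip=%s rand=%s\n",
    substr($back, 0, 10), join('.', map { 0 + $_ } @oct), substr($back, 22, 2);
printf "urandom id    : %s\n", secure_session_id();
```

Because the key is a constant, a single id whose plaintext the holder knows (their own address, the second they logged in) recovers the key for each 32-bit word by XORing the two, after which every other id on the site decodes to its owner's address and login time. The Digest::MD5 suggestion earlier in the thread does not change this picture either: hashing a predictable input gives a predictable output, so the entropy has to come from the input, which is what /dev/urandom supplies here; hashing those bytes afterwards is harmless but adds nothing.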