Safe session IDs

From: Ryan M Harris (
Date: 01/10/02

From: "Ryan M Harris" <>
To: <>
Date: Thu, 10 Jan 2002 12:38:09 -0500

What is the most secure way of generating a session number?

I have used the following formula in the past. Is it secure (from a
randomness perspective)? Any way to make it more secure/random?

sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from
here) + microtime() )

Ryan M Harris