Index: base.py
===================================================================
--- base.py	(revision 7047)
+++ base.py	(working copy)
@@ -12,6 +12,11 @@
 except ImportError:
     import pickle
 
+try:
+    import uuid
+except:
+    import django.utils.uuid as uuid
+
 class SessionBase(object):
     """
     Base class for all Session classes.
@@ -88,16 +93,9 @@
 
     def _get_new_session_key(self):
         "Returns session key that isn't being used."
-        # The random module is seeded when this Apache child is created.
-        # Use settings.SECRET_KEY as added salt.
-        try:
-            pid = os.getpid()
-        except AttributeError:
-            # No getpid() in Jython, for example
-            pid = 1
+        # The generated key is a UUID as defined in http://www.faqs.org/rfcs/rfc4122.html
         while 1:
-            session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1),
-                                  pid, time.time(), settings.SECRET_KEY)).hexdigest()
+            session_key = uuid4().hex
             if not self.exists(session_key):
                 break
         return session_key