diff --git a/actionpack/lib/action_controller/cgi_ext/session.rb b/actionpack/lib/action_controller/cgi_ext/session.rb
index 0213ce91bd..a01f17f9ce 100644
--- a/actionpack/lib/action_controller/cgi_ext/session.rb
+++ b/actionpack/lib/action_controller/cgi_ext/session.rb
@@ -6,18 +6,28 @@ class CGI #:nodoc:
   # * Expose the CGI instance to session stores.
   # * Don't require 'digest/md5' whenever a new session id is generated.
   class Session #:nodoc:
-    # Generate an MD5 hash including the time, a random number, the process id,
-    # and a constant string. This is used to generate session ids but may be
-    # reused elsewhere.
-    def self.generate_unique_id(constant = 'foobar')
-      md5 = Digest::MD5.new
-      now = Time.now
-      md5 << now.to_s
-      md5 << String(now.usec)
-      md5 << String(rand(0))
-      md5 << String($$)
-      md5 << constant
-      md5.hexdigest
+    begin
+      require 'securerandom'
+
+      # Generate a 32-character unique id using SecureRandom.
+      # This is used to generate session ids but may be reused elsewhere.
+      def self.generate_unique_id(constant = nil)
+        SecureRandom.hex(16)
+      end
+    rescue LoadError
+      # Generate an 32-character unique id based on a hash of the current time,
+      # a random number, the process id, and a constant string. This is used
+      # to generate session ids but may be reused elsewhere.
+      def self.generate_unique_id(constant = 'foobar')
+        md5 = Digest::MD5.new
+        now = Time.now
+        md5 << now.to_s
+        md5 << String(now.usec)
+        md5 << String(rand(0))
+        md5 << String($$)
+        md5 << constant
+        md5.hexdigest
+      end
     end
 
     # Make the CGI instance available to session stores.