Well, generating a string of 36 random alphanumeric characters SOUNDS pretty unique to me. (36^20=1.3e+31 possible combinations)

I know how to use MD5 and other hashing algorithms, and I've heard it's a good thing to do so for session ids, but my question is why? Is generating the IDs as I describe above not good enough?

-Any sufficiently advanced technology is
indistinguishable from doubletalk.