The method I discribed does keep the session ID constant during the session. The random number is created at login and does not change until the user logs in again.