in reply to How to make a secure website

A good session-id would be constructed like this:

choose a few (around 70) strings at random

place username, IP, user-agent among them

calculate the Digest::MD5 from their concatenation

prepend this and the (entered) password to each of them

sort these (combined) strings by their Digest::MD5

concatenate the original strings in this sorted order

calculate the Digest::MD5 of this concatenation and use it as session-id

place the original strings at key session-id into the database
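
The steps above written out in Perl, as an added example that is not part of the original post. Assumptions: each random string is 16 bytes from /dev/urandom (hex-encoded), "prepend" means plain concatenation of digest, password and string, a hash stands in for the database, and the sub names and sample values are hypothetical.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Assumption: random strings come from the OS generator, not Perl's rand().
sub random_strings {
    my ($count) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my @out;
    for (1 .. $count) {
        my $got = read($fh, my $buf, 16);
        die "short read from /dev/urandom" unless defined $got && $got == 16;
        push @out, unpack 'H*', $buf;
    }
    close $fh;
    return @out;
}

# Hypothetical helper following the post's steps; inputs must be byte strings.
sub make_session {
    my ($user, $ip, $agent, $password) = @_;
    my @strings = random_strings(70);                     # choose ~70 strings
    for my $item ($user, $ip, $agent) {                   # place the values among them
        splice @strings, int(rand(@strings + 1)), 0, $item;
    }
    my $digest = md5_hex(join '', @strings);              # MD5 of the concatenation
    # Prepend digest and password to each string, then sort by the MD5 of that.
    my @sorted = map  { $_->[1] }
                 sort { $a->[0] cmp $b->[0] }
                 map  { [ md5_hex($digest . $password . $_), $_ ] } @strings;
    my $session_id = md5_hex(join '', @sorted);           # MD5 of originals in sorted order
    return ($session_id, \@strings);
}

# Constructed sample input; %db stands in for the database table.
my %db;
my ($sid, $strings) = make_session(
    'alice', '192.0.2.10', 'Mozilla/5.0 (constructed sample)', 'constructed-password',
);
$db{$sid} = $strings;                                     # original strings keyed by session-id
printf "session-id: %s (%d strings stored)\n", $sid, scalar @{ $db{$sid} };
```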