It is not important for session keys to be hard to guess. If you include a MAC (using SHA1 probably) in your cookie, knowing a valid session key will not be enough information to forge a valid session. Instead, you should focus on making one that will definitely not repeate, because a repeat will be a potential disaster for your application. I recommend using mod_unique_id (an apache module) or a sequence from a database, because these are both good enough for use in a cluster of machine.

Nearly all of the "hard to guess" key generation tools have problems with duplicates, as you have seen. You also have to be careful when making something our of concatenating things like process ID which can vary in length, since you can get accidental repeats if you are not forcing them to a specific size or using a separator character between them. Really, it's much easier to use mod_unique_id or a database.