diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index c325bc5aa2a1cd3a7831f6e4b01831b7a21582e8..7b82f40352af2fcbe81654a8964f87f9c1e79f91 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -3,6 +3,9 @@
 /* We need access to the configuration from config/config.php. */
 require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
 
+/* We need the generateID function from Utilities. */
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+
 /**
  * This file is part of SimpleSAMLphp. See the file COPYING in the
  * root of the distribution for licence information.
@@ -46,7 +49,7 @@ extends SimpleSAML_SessionHandler {
 		}
 
 		/* We don't have a valid session. Create a new session id. */
-		$this->session_id = self::createSessionID();
+		$this->session_id = SimpleSAML_Utilities::generateID();
 		setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/',
 			NULL, self::secureCookie(), TRUE);
 	}
@@ -84,23 +87,6 @@ extends SimpleSAML_SessionHandler {
 	}
 
 
-	/* This static function creates a session id. A session id consists
-	 * of 32 random hexadecimal characters.
-	 *
-	 * Returns:
-	 *  A random session id.
-	 */
-	private static function createSessionID() {
-		$id = '';
-		for($i = 0; $i < 32; $i++) {
-			/* TODO: Is rand(...) secure enough? */
-			$id .= dechex(rand(0, 15));
-		}
-
-		return $id;
-	}
-
-
 	/* This static function validates a session id. A session id is valid
 	 * if it only consists of characters which are allowed in a session id
 	 * and it is the correct length.