diff --git a/session_api.install b/session_api.install
index 0947ee6..444694a 100644
--- a/session_api.install
+++ b/session_api.install
@@ -28,7 +28,7 @@ function session_api_schema() {
       ),
       'session_id' => array(
         'type' => 'varchar',
-        'length' => 64,
+        'length' => 128,
         'not null' => TRUE,
       ),
     ),
@@ -51,3 +51,13 @@ function session_api_update_6100() {
 
   return $ret;
 }
+
+/**
+ * Implements hook_update_N().
+ *
+ * Lengthens the session_id field to match core {sessions}.sid field.
+ */
+function session_api_update_6101() {
+  db_change_field($ret, 'session_api', 'session_id', 'session_id', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE));
+	return $ret;
+}
\ No newline at end of file
diff --git a/session_api.module b/session_api.module
index b26912b..baa833e 100644
--- a/session_api.module
+++ b/session_api.module
@@ -28,8 +28,8 @@ function session_api_initialize_cookie() {
 
 /**
  * Return a Session API ID corresponding to the current session.
- * The session id is a md5 hash created with the ip address, the time
- * and a key generated by druapl_get_private_key().
+ * The session id is a created using the same method as Drupal 7 core
+ * as defined in includes/session.inc.
  * @param boolean create set this to FALSE if you don't want to create a session
  * cookie if it doesn't already exist.
  */
@@ -56,7 +56,10 @@ function session_api_get_sid($create = TRUE) {
     	return -1;
     }
     else {
-      $session_id = md5(ip_address() . time() . drupal_get_private_key());
+      $data = uniqid(mt_rand(), true);
+      $hash = base64_encode(hash('sha256', $data, TRUE));
+      $hash = strtr($hash, array('+' => '-', '/' => '_', '=' => ''));
+      $session_id = $hash;
     }
 
     // For the cookie we use the same domain that Drupal's own session cookie uses.
diff --git a/session_api.test b/session_api.test
index d43099c..f4a1731 100644
--- a/session_api.test
+++ b/session_api.test
@@ -45,7 +45,10 @@ class SessionApiTestCase extends DrupalWebTestCase {
 
     // Store ID in the db.
     $rec = new stdClass();
-    $rec->session_id = md5(ip_address() . time() . drupal_get_private_key());
+    $data = uniqid(mt_rand(), true);
+    $hash = base64_encode(hash('sha256', $data, TRUE));
+    $hash = strtr($hash, array('+' => '-', '/' => '_', '=' => ''));
+    $rec->session_id = $hash;
     drupal_write_record('session_api', $rec);
     $_COOKIE['session_api_session'] = $rec->session_id;
     $this->assertEqual(session_api_get_sid(), $rec->sid, 'Function session_api_get_sid() correctly retrieves the session_api_id from the database.'.$sid);