Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.85
diff -u -r1.85 session.inc
--- includes/session.inc	14 Jun 2010 12:31:46 -0000	1.85
+++ includes/session.inc	21 Jun 2010 22:50:45 -0000
@@ -315,18 +315,12 @@
 
   if (drupal_session_started()) {
     $old_session_id = session_id();
-    session_regenerate_id();
-  }
-  else {
-    // Start the session when it doesn't exist yet.
-    // Preserve the logged in user, as it will be reset to anonymous
-    // by _drupal_session_read.
-    $account = $user;
-    drupal_session_start();
-    $user = $account;
   }
+  session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55)));
 
   if (isset($old_session_id)) {
+    $params = session_get_cookie_params();
+    setcookie(session_name(), session_id(), REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
     $fields = array('sid' => session_id());
     if ($is_https) {
       $fields['ssid'] = session_id();
@@ -350,6 +344,14 @@
       ->condition('sid', $old_insecure_session_id)
       ->execute();
   }
+  else {
+    // Start the session when it doesn't exist yet.
+    // Preserve the logged in user, as it will be reset to anonymous
+    // by _drupal_session_read.
+    $account = $user;
+    drupal_session_start();
+    $user = $account;
+  }
   date_default_timezone_set(drupal_get_user_timezone());
 }