diff --git a/src/server.ts b/src/server.ts
index fd4f0db..597ebbb 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -1,4 +1,5 @@
 import { AsyncLocalStorage } from "node:async_hooks";
+import { randomUUID } from "node:crypto";
 import { IterableClient } from "@iterable/api";
 import { logger } from "@iterable/api";
@@ -234,6 +235,11 @@ export class IterableMcpServer {
 }
 }
-function createSessionId(): string {
- return Math.random().toString(36).slice(2) + Date.now().toString(36);
+/**
+ * Generate a cryptographically secure session ID
+ * Uses crypto.randomUUID() for guaranteed uniqueness and unpredictability
+ * Exported for testing purposes
+ */
+export function createSessionId(): string {
+ return randomUUID();
 }
diff --git a/tests/unit/session-id.test.ts b/tests/unit/session-id.test.ts
new file mode 100644
index 0000000..deec06f
--- /dev/null
+++ b/tests/unit/session-id.test.ts
@@ -0,0 +1,15 @@
+/* eslint-disable simple-import-sort/imports */
+import { describe, expect, it } from "@jest/globals";
+import { createSessionId } from "../../src/server";
+
+describe("Session ID Generation", () => {
+ it("generates unique session IDs", () => {
+ const id1 = createSessionId();
+ const id2 = createSessionId();
+ const id3 = createSessionId();
+
+ expect(id1).not.toBe(id2);
+ expect(id2).not.toBe(id3);
+ expect(id1).not.toBe(id3);
+ });
+});
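Review bot: The doc comment added above `createSessionId` in src/server.ts promises "guaranteed uniqueness", which `randomUUID()` does not give: a version 4 UUID carries 122 random bits, so collisions are negligible rather than impossible. I would reword that line to `Uses crypto.randomUUID() (v4 UUID, 122 bits from the CSPRNG), so IDs are unpredictable and collisions are negligible`. The comment should also say what callers rely on the ID for, since the hunk does not show whether it is only a correlation key or also gates access to a session. The function is now exported solely for the test, which widens the module's public surface; an `@internal` tag on the comment would make that intent explicit.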
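Review bot: The single test in tests/unit/session-id.test.ts only checks that three IDs differ, which the removed `Math.random()`/`Date.now()` implementation would also pass, so it does not pin the property this commit is about. Add a shape assertion such as `expect(createSessionId()).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/);` so that a regression to a non-UUID generator fails the suite. The file-level `eslint-disable simple-import-sort/imports` also deserves a short comment saying why it is needed for two imports.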