diff --git a/src/cowboy2_session_stream_h.erl b/src/cowboy2_session_stream_h.erl
index ff9f20b..f7daef6 100644
--- a/src/cowboy2_session_stream_h.erl
+++ b/src/cowboy2_session_stream_h.erl
@@ -38,7 +38,7 @@ init_session_3(_, _, Req) ->
 init_new_session(Req0) ->
 NewSessionId = base64url:encode(
- rand:bytes(?SESSION_ID_LEN_BYTES)),
+ crypto:strong_rand_bytes(?SESSION_ID_LEN_BYTES)),
 Req = Req0#{session_id => NewSessionId, session => #{}},
 % TODO: HttpOnly, Secure, etc.
 CookieOpts = #{},
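Review bot: The session cookie is still built from `CookieOpts = #{}` a few lines below the changed call, so the now-unpredictable ID is sent without HttpOnly, Secure or SameSite, as the TODO itself notes; something like `CookieOpts = #{http_only => true, secure => true, same_site => lax},` would close that, with `secure` made conditional if plain-HTTP deployments must keep working. The value of `?SESSION_ID_LEN_BYTES` is not visible in this hunk; it should be at least 16 bytes for the switch to `crypto:strong_rand_bytes/1` to give the intended entropy. Sessions issued before this change carry IDs from the non-cryptographic `rand` generator, so if sessions outlive a deploy they should presumably be invalidated. The `crypto` application also needs to be listed in the app's dependencies, which this diff does not show. The body of `init_new_session/1` continues past the end of the hunk.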