Generating Unique Keys

[Mongryong]

> Because then a malicious user could easily get access to someone
> else's web session, since they know keys are sequential.  The
> requirement wasn't stated, but it's generally a valid to assume the
> webmaster doesn't want this to happen.

Even with a 'randomly' generated session key, a malicious user can still
steal the session key of a active user.  Is there an algorithm or
solution to this security risk?