diff --git a/session/sess_utils.go b/session/sess_utils.go
index 8bc6c192..b9a965c3 100644
--- a/session/sess_utils.go
+++ b/session/sess_utils.go
@@ -20,6 +20,8 @@ import (
 "io"
 "strconv"
 "time"
+
+ "github.com/astaxie/beego/utils"
 )
 
 func init() {
@@ -60,8 +62,8 @@ func DecodeGob(encoded []byte) (map[interface{}]interface{}, error) {
 // generateRandomKey creates a random key with the given strength.
 func generateRandomKey(strength int) []byte {
 k := make([]byte, strength)
- if _, err := io.ReadFull(rand.Reader, k); err != nil {
- return nil
+ if n, err := io.ReadFull(rand.Reader, k); n != strength || err != nil {
+ return utils.RandomCreateBytes(strength)
 }
 return k
 }
diff --git a/session/session.go b/session/session.go
index 3609c10b..eb9162b8 100644
--- a/session/session.go
+++ b/session/session.go
@@ -18,6 +18,8 @@ import (
 "net/http"
 "net/url"
 "time"
+
+ "github.com/astaxie/beego/utils"
 )
 
 // SessionStore contains all data for one session process with specific id.
@@ -237,9 +239,9 @@ func (manager *Manager) SetSecure(secure bool) {
 
 // generate session id with rand string, unix nano time, remote addr by hash function.
 func (manager *Manager) sessionId(r *http.Request) (sid string) {
- bs := make([]byte, 24)
- if _, err := io.ReadFull(rand.Reader, bs); err != nil {
- return ""
+ bs := make([]byte, 32)
+ if n, err := io.ReadFull(rand.Reader, bs); n != 32 || err != nil {
+ bs = utils.RandomCreateBytes(32)
 }
 sig := fmt.Sprintf("%s%d%s", r.RemoteAddr, time.Now().UnixNano(), bs)
 if manager.config.SessionIDHashFunc == "md5" {
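Review bot: The new fallback in generateRandomKey hides a failed crypto/rand read from the caller: where the old code returned nil, it now returns whatever `utils.RandomCreateBytes(strength)` produces, and that helper is not shown in this diff. If the helper can fall back to a non-cryptographic or time-seeded generator, or limits its output to a printable alphabet, the key is weaker than callers assume and nothing reports it. The same substitution is added to sessionId in session/session.go, where it feeds the session id. I would keep failing closed, or at least state the requirement next to the call, e.g. `// utils.RandomCreateBytes must be CSPRNG-backed; a weaker source makes this key guessable`, and log the crypto/rand error so the degraded path is detectable.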
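Review bot: The literal 32 now appears three times in sessionId (`make([]byte, 32)`, `n != 32`, `RandomCreateBytes(32)`), and the `n` comparison is redundant because io.ReadFull returns an error whenever it reads fewer than len(bs) bytes; the same holds for `n != strength` in generateRandomKey. Writing `if _, err := io.ReadFull(rand.Reader, bs); err != nil {` and passing `len(bs)` to the fallback keeps the size in one place. The random bytes are also only an input to the hash chosen by SessionIDHashFunc, so with the md5 branch on the last context line the id stays bounded by a 128-bit digest whether 24 or 32 bytes are read. The rest of sessionId lies outside this hunk, so how the digest is encoded is not visible here.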