From 91f9df629df5abf71839d1c00a24aec7545714eb Mon Sep 17 00:00:00 2001
From: Mike Jolley
Date: Tue, 20 May 2014 11:08:31 +0100
Subject: [PATCH] Stronger session ID generation
---
 includes/class-wc-session-handler.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/includes/class-wc-session-handler.php b/includes/class-wc-session-handler.php
index 01f5dbeea1b..ce7d99ab701 100644
--- a/includes/class-wc-session-handler.php
+++ b/includes/class-wc-session-handler.php
@@ -111,16 +111,20 @@ class WC_Session_Handler extends WC_Session {
 }
 /**
- * generate_customer_id function.
+ * Generate a unique customer ID for guests, or return user ID if logged in.
+ *
+ * Uses Portable PHP password hashing framework to generate a unique cryptographically strong ID.
 *
 * @access public
- * @return mixed
+ * @return int|string
 */
 public function generate_customer_id() {
 if ( is_user_logged_in() ) {
 return get_current_user_id();
 } else {
- return wp_generate_password( 32, false );
+ require_once( ABSPATH . 'wp-includes/class-phpass.php');
+ $hasher = new PasswordHash( 8, false );
+ return md5( $hasher->get_random_bytes( 32 ) );
 }
 }
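Review bot: The docblock's "cryptographically strong" claim on the new `generate_customer_id()` holds only when phpass can read `/dev/urandom`; as I recall, `PasswordHash::get_random_bytes()` otherwise falls back silently to output derived from `md5()` over `microtime()` and the process ID, which is not suitable for a guest session identifier. The `md5()` wrapper does not change that: it only turns the bytes into a 32-character hex string, reducing the 32 random bytes to 128 bits along the way. I would either soften the comment to say the strength depends on the platform's random source, or, where the supported PHP version allows, use a source that fails loudly instead of degrading, e.g. `return bin2hex( random_bytes( 16 ) );`.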