
use safer random functions

walkor 3 жил өмнө
parent
commit
c2dde2e04a

+ 1 - 1
src/Protocols/Http/Request.php

@@ -619,7 +619,7 @@ class Request
      */
     public static function createSessionId()
     {
-        return \bin2hex(\pack('d', \microtime(true)) . \pack('N', \mt_rand()));
+        return \bin2hex(\pack('d', \microtime(true)) . random_bytes(8));
     }
 
     /**
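Review bot: Only 8 of the 16 bytes in the new session ID are unpredictable; the other 8 are `\pack('d', \microtime(true))`, which an observer can estimate and which reveals the session's creation time to anyone who sees the ID. Drawing the whole value from the CSPRNG keeps the 32-hex-character length and doubles the entropy: `return \bin2hex(\random_bytes(16));`. The new call is also written `random_bytes` without the leading backslash that `\bin2hex` and `\pack` carry on the same line, and the same inconsistency appears in the FileSessionHandler.php and Ws.php hunks. The docblock for createSessionId starts outside this hunk, so any documented format guarantee for the ID should be checked before the timestamp prefix is dropped.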

+ 1 - 1
src/Protocols/Http/Session.php

@@ -411,7 +411,7 @@ class Session
     public function __destruct()
     {
         $this->save();
-        if (\rand(1, static::$gcProbability[1]) <= static::$gcProbability[0]) {
+        if (\random_int(1, static::$gcProbability[1]) <= static::$gcProbability[0]) {
             $this->gc();
         }
     }
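Review bot: `\random_int()` can throw where `\rand()` did not, and this call sits inside `__destruct()`: it raises an exception when no entropy source is available and an `Error`/`ValueError` when `static::$gcProbability[1]` is below 1. Garbage-collection sampling is not a security decision, so the CSPRNG adds no protection here, while an uncaught throw from a destructor surfaces as a fatal error after `$this->save()` has run. If the stronger function is kept for consistency, guard the bound, e.g. `if (static::$gcProbability[1] >= 1 && \random_int(1, static::$gcProbability[1]) <= static::$gcProbability[0]) {`. Where `$gcProbability` is assigned is outside this hunk, so whether an invalid bound is reachable cannot be confirmed from here.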

+ 1 - 1
src/Protocols/Http/Session/FileSessionHandler.php

@@ -90,7 +90,7 @@ class FileSessionHandler implements SessionHandlerInterface
      */
     public function write($session_id, $session_data)
     {
-        $temp_file = static::$_sessionSavePath . uniqid(mt_rand(), true);
+        $temp_file = static::$_sessionSavePath . uniqid(bin2hex(random_bytes(8)), true);
         if (!\file_put_contents($temp_file, $session_data)) {
             return false;
         }
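Review bot: The `uniqid(..., true)` wrapper adds only time-derived and LCG digits, so the unpredictability of the temp-file name rests entirely on the 8 bytes from `random_bytes()`. A plain `$temp_file = static::$_sessionSavePath . \bin2hex(\random_bytes(16));` is simpler and gives a wider random name. Separately, `\file_put_contents()` creates the file under the process umask and writes through any existing path of that name. write() continues past the last line shown here, so the hunk does not show whether permissions are tightened or the file is renamed into place afterwards; that is worth confirming for a file that holds session data.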

+ 1 - 1
src/Protocols/Ws.php

@@ -346,7 +346,7 @@ class Ws
         $port = $connection->getRemotePort();
         $host = $port === 80 ? $connection->getRemoteHost() : $connection->getRemoteHost() . ':' . $port;
         // Handshake header.
-        $connection->websocketSecKey = \base64_encode(\md5(\mt_rand(), true));
+        $connection->websocketSecKey = \base64_encode(random_bytes(16));
         $user_header = isset($connection->headers) ? $connection->headers :
             (isset($connection->wsHttpHeader) ? $connection->wsHttpHeader : null);
         $user_header_str = '';
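Review bot: The literal 16 in `random_bytes(16)` is a protocol requirement rather than a tuning choice, and nothing on the line says so: RFC 6455 defines Sec-WebSocket-Key as the base64 encoding of a 16-byte nonce. A short comment would stop a later edit from changing the length, for example `// Sec-WebSocket-Key: base64 of a fresh 16-byte nonce, length fixed by RFC 6455.` The enclosing method starts and ends outside this hunk.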