diff --git a/web/inc/main.php b/web/inc/main.php
index 09eef5f7..f75f9530 100644
--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -66,9 +66,10 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
 exit;
 }
+// Generate CSRF Token
 if (isset($_SESSION['user'])) {
- if(!isset($_SESSION['token'])){
- $token = uniqid(mt_rand(), true);
+ if (!isset($_SESSION['token'])){
+ $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
 $_SESSION['token'] = $token;
 }
 }
diff --git a/web/login/index.php b/web/login/index.php
index bf3f2c28..18841344 100644
--- a/web/login/index.php
+++ b/web/login/index.php
@@ -112,7 +112,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
 }
 // Regenerate session id to prevent session fixation
- session_regenerate_id();
+ session_regenerate_id(true);
 // Redirect request to control panel interface
 if (!empty($_SESSION['request_uri'])) {
@@ -158,7 +158,8 @@ if (empty($_SESSION['language'])) {
 }
 // Generate CSRF token
-$_SESSION['token'] = md5(uniqid(mt_rand(), true));
+$token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
+$_SESSION['token'] = $token;
 require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
 require_once('../templates/header.html');
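Review bot: The new `$token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));` line has no failure path: where `/dev/urandom` is absent or unreadable (Windows, some chroots) `file_get_contents` returns false with a warning, `bin2hex(false)` yields an empty string, and the session is left with `$_SESSION['token'] = ''`, which a loose comparison on the verifying side (not in this diff) might accept from any request. PHP's built-in CSPRNG wrapper is portable and throws instead of returning false, so `$token = bin2hex(random_bytes(16));` removes that silent-empty case and the device dependency. The same construction appears in the second hunk of web/login/index.php, where `$_SESSION['token'] = bin2hex(random_bytes(16));` also drops the temporary variable. While touching this line, `if (!isset($_SESSION['token'])){` still lacks the space before the brace that the rest of the condition gained.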
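Review bot: The return value of `session_regenerate_id(true);` is not checked, so if regeneration fails (it returns false and emits a warning) the login continues on the pre-authentication session id and the fixation protection the comment above it promises is silently lost. Treating failure as fatal keeps that guarantee honest: `if (!session_regenerate_id(true)) { http_response_code(500); exit; }`. The enclosing `if (isset($_POST['user']) && isset($_POST['password']))` block starts and ends outside this hunk, so I cannot see whether the credentials have already been verified at this point; the regeneration only serves its purpose if it runs after a successful check.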