diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
index 244c9e563..4b98889b0 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
@@ -10,7 +10,7 @@ package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;
 
 use strict;
 use Crypt::URandom;
-use Digest::SHA qw(sha256 sha256_hex sha256_base64);
+use Digest::SHA qw(sha256_hex);
 
 our $VERSION = '2.0.2';
 
@@ -22,15 +22,17 @@ sub generate {
         $length = $session->{args}->{IDLength};
     }
 
-    $session->{data}->{_session_id} = substr(
-        Digest::SHA::sha256_hex(
-            Digest::SHA::sha256_hex(
-                time() . {} . Crypt::URandom::urandom($length) . $$
-            )
-        ),
-        0, $length
-    );
-
+    eval {
+        $session->{data}->{_session_id} =
+          substr( Digest::SHA::sha256_hex( Crypt::URandom::urandom(256) ),
+            0, $length );
+    };
+    if ($@) {
+        print STDERR "Crypt::URandom::urandom failed: $@\n";
+        $session->{data}->{_session_id} =
+          substr( Digest::SHA::sha256_hex( time() . {} . rand() . $$ ),
+            0, $length );
+    }
 }
 
 sub validate {