Technically, that could work. As long as you're not going to have 32K sessions per second, that seems fairly unique. Problem is, I believe the poster wanted random. There's many ways you could run into race conditions in this case. I say it depends on the application as to the source of randomness and uniqueness. For example, if using a database that supports sequences, you could MD5-encrypt a sequence number with a random password, and that'd be both unique and random, as well as fairly simple. Without more information, it's difficult, though.

Update: Double posted; this should be under this node instead.
Update2: Second post had MD5 note added whereas first didn't.