Zabbix API session ID generation produces non-unique IDs

We have observed problems with session IDs being non-unique if a user has several sessions during the same second. If two sessions get the same ID, a disconnect on one of those sessions will also unexpectedly disconnect another session.

We have traced the non-unique ID problem to this line in the CUser.php file of the Zabbix API:

$sessionid = md5(time().$password.$name.rand(0, 10000000));

time() is second-based, and rand with the same seed has been known to return the same value repeatedly. This appears to be the root of the problem. Since we create a significant number of sections, duplicate IDs and resulting problems are a frequent occurrence.