Weak Session IDs

Mal plugs one of these IDs into his browser, and voila, he has hijacked somebody's session.
A victorious hacker
Headers
  ▼ General
      Remote Address: 121.232.112.200:443
      Request Method: GET
      Status Code: 200 OK
  ▶ Request Headers
  ▼ Response Headers
      Set-Cookie: session_id=41293