diff --git a/src/calibre/library/server/utils.py b/src/calibre/library/server/utils.py
index b69d3e6a72..ebc7998020 100644
--- a/src/calibre/library/server/utils.py
+++ b/src/calibre/library/server/utils.py
@@ -5,7 +5,7 @@ __license__   = 'GPL v3'
 __copyright__ = '2010, Kovid Goyal <kovid@kovidgoyal.net>'
 __docformat__ = 'restructuredtext en'
 
-import time, sys, uuid, hashlib
+import time, sys, hashlib, binascii, random, os
 from urllib import quote as quote_, unquote as unquote_
 from functools import wraps
 
@@ -89,7 +89,8 @@ class AuthController(object):
     def __init__(self, realm, users_dict):
         self.realm = realm
         self.users_dict = users_dict
-        self.secret = bytes(uuid.uuid4().hex)
+        self.secret = bytes(binascii.hexlify(os.urandom(random.randint(20,
+            30))))
         self.cookie_name = 'android_workaround'
 
     def hashit(self, raw):