diff --git a/actix-session/Cargo.toml b/actix-session/Cargo.toml
index a86cd7758..c4a7820bf 100644
--- a/actix-session/Cargo.toml
+++ b/actix-session/Cargo.toml
@@ -32,7 +32,7 @@ actix-web = { version = "4", default-features = false, features = ["cookies", "s
 
 anyhow = "1"
 derive_more = { version = "2", features = ["display", "error", "from"] }
-rand = "0.8"
+rand = "0.9"
 serde = { version = "1" }
 serde_json = { version = "1" }
 tracing = { version = "0.1.30", default-features = false, features = ["log"] }
diff --git a/actix-session/src/storage/utils.rs b/actix-session/src/storage/utils.rs
index 4dcfed7bb..a5bf4c07f 100644
--- a/actix-session/src/storage/utils.rs
+++ b/actix-session/src/storage/utils.rs
@@ -1,4 +1,4 @@
-use rand::distributions::{Alphanumeric, DistString as _};
+use rand::distr::{Alphanumeric, SampleString as _};
 
 use crate::storage::SessionKey;
 
@@ -7,7 +7,7 @@ use crate::storage::SessionKey;
 /// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
 pub fn generate_session_key() -> SessionKey {
     Alphanumeric
-        .sample_string(&mut rand::thread_rng(), 64)
+        .sample_string(&mut rand::rng(), 64)
         .try_into()
         .expect("generated string should be within size range for a session key")
 }