[eluser]WanWizard[/eluser]
It is do deal with something called session fixation.
If you don't rotate the session ID, the time available for a hacker to do something with it increases. Now, if someone intercepts a session cookie, they have a maximum of 5 minutes to do something with it, before it becomes invalid.