The script can be run many times in parallel - using a botnet, for instance - so it soon starts to spot session IDs already issued by your server.
output.log