Hi Iuri,
ecommerce package had it's own session_id to show related products without requiring a user to login again, for example.
The ec_session id code mirrored much of the standard session id code in the years after 2000.
With security improvements to the standard security sessions, mirroring some of the revised session_id code into the ec_sessions_id paradigm may work.
And yet, there may be a better way of handling the ec_session_id now. Maybe it is possible to use the regular session_id. Although, maybe it is not recommended.
I don't have any suggestions. If I think of something, I will post here.
best wishes,
Ben