It'd be a race condition. You'd have 2+ users both sharing the same session ID. At some point your code decides to regenerate the ID, which would send the new ID to one of those users. If the attacker lucks out and their "hit" is the on that gets the regenerated ID, they'll be in the clear and have total control over that session now.
If the actual user gets the regenerated ID, then the attacker is now left with an invalid session ID, and they'll have to try and hijack the freshly regenerated ID and start over again.