The idea with the session_id is that it should make id collisions unlikely in practice, but a collision should not pose a security risk, and at most cause a signing failure.
If the second time a colliding psbt is presented with mutated parameters that affect NonceGen (any of the extra args), then for at least one (i, j) pair the recomputed secnonce/pubnonce would be different, signing is aborted and the session destroyed. If the colliding psbt is presented with mutated members that do not affect the output of NonceGen, then the changes in the second PSBT vs the first are irrelevant, as NonceGen would have been executed in with the same exact parameters if there was no mutation.
So unless I missed something, that should still be safe.