diff --git a/server/config/config.example.js b/server/config/config.example.js
index 3a6a228..4e7f34f 100644
--- a/server/config/config.example.js
+++ b/server/config/config.example.js
@@ -19,6 +19,8 @@ module.exports =
 			redirect_uri	: 'https://client.example.com/auth/callback'
 		}
 	},
+	// session cookie secret
+	cookieSecret	: 'T0P-S3cR3t_cook!e',
 	// Listening hostname for `gulp live|open`.
 	domain : 'localhost',
 	tls    :
diff --git a/server/server.js b/server/server.js
index 413cff3..4b5d177 100755
--- a/server/server.js
+++ b/server/server.js
@@ -140,10 +140,10 @@ function setupAuth(oidcIssuer)
 	passport.use('oidc', oidcStrategy);
 
 	app.use(session({
-		secret: 'keyboard cat',
+		secret: config.cookieSecret,
 		resave: true,
 		saveUninitialized: true,
-		//cookie            : { secure: true }
+		cookie: { secure: true }
 	}));
 
 	app.use(passport.initialize());