diff --git a/app.js b/app.js
index 261334810b60724cc4e01fb969b816665d87f8fd..b5aac0bc6362999b0cb402096628af41d12a362c 100644
--- a/app.js
+++ b/app.js
@@ -47,7 +47,7 @@ app.use(session(
   {
     resave: true,
     saveUninitialized: true,
-    secret: 'thisisasecret'
+    secret: config.app.sessionSecret
   }
 ));
 app.use(flash());
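Review bot: The options object passed to `session()` sets no `cookie` attributes, so the session cookie is issued with the library defaults even though one of the configurations in config/config.js serves the app over https. Consider a per-environment setting such as `cookie: { secure: config.app.cookieSecure, sameSite: 'lax' }` (the config key name is only a suggestion), with `secure` enabled only where the host is https. Nothing here checks that `config.app.sessionSecret` is actually defined for the selected environment; a guard at startup such as `if (!config.app.sessionSecret) throw new Error('session secret not configured');` would fail fast instead of at request time. The `app.use(session(` call opens just above the hunk.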
diff --git a/config/config.js b/config/config.js
index c99b06faa7fe1c4ac0c924bb0260c681b5793433..3da503db74366867bbf006c3aa83d2bae8ddc0ea 100644
--- a/config/config.js
+++ b/config/config.js
@@ -3,7 +3,8 @@ module.exports = {
     app: {
       name: 'User Account Management',
       port: process.env.PORT || 9989,
-      host: 'http://localhost:9989'
+      host: 'http://localhost:9989',
+      sessionSecret: 'thisisasecret'
     },
     passport: {
       strategy: 'saml',
@@ -40,7 +41,8 @@ module.exports = {
     app: {
       name: 'User Account Management',
       port: process.env.PORT || 9989,
-      host: 'https://m4lab.hft-stuttgart.de/account'
+      host: 'https://m4lab.hft-stuttgart.de/account',
+      sessionSecret: 'thisisasecret'
     },
     passport: {
       strategy: 'saml',