diff --git a/README.md b/README.md
index dc4e2f7383..c9fac5097c 100644
--- a/README.md
+++ b/README.md
@@ -65,25 +65,36 @@ Edit your .env file with the following API keys accordingly (if you only use ema
 ```
 
 MONGOHQ_URL='mongodb://localhost:27017/freecodecamp'
-BLOGGER_KEY=stuff
+
 FACEBOOK_ID=stuff
 FACEBOOK_SECRET=stuff
+
 GITHUB_ID=stuff
 GITHUB_SECRET=stuff
+
 GOOGLE_ID=stuff
 GOOGLE_SECRET=stuff
+
 LINKEDIN_ID=stuff
 LINKEDIN_SECRET=stuff
+
 MANDRILL_PASSWORD=stuff
 MANDRILL_USER=stuff
-SESSION_SECRET=secretstuff
+
 TRELLO_KEY=stuff
 TRELLO_SECRET=stuff
+
 TWITTER_KEY=stuff
 TWITTER_SECRET=stuff
 TWITTER_TOKEN=stuff
 TWITTER_TOKEN_SECRET=stuff
+
+BLOGGER_KEY=stuff
 SLACK_WEBHOOK=stuff
+
+SESSION_SECRET=secretstuff
+COOKIE_SECRET='this is a secret'
+
 PEER=stuff
 DEBUG=true
 
diff --git a/config/secrets.js b/config/secrets.js
index a3bd62dc81..2ea3cdef28 100644
--- a/config/secrets.js
+++ b/config/secrets.js
@@ -37,10 +37,10 @@ module.exports = {
   },
 
   twitter: {
-    consumerKey:      process.env.TWITTER_KEY,
-    consumerSecret:   process.env.TWITTER_SECRET,
-    token:            process.env.TWITTER_TOKEN,
-    tokenSecret:      process.env.TWITTER_TOKEN_SECRET,
+    consumerKey: process.env.TWITTER_KEY,
+    consumerSecret: process.env.TWITTER_SECRET,
+    token: process.env.TWITTER_TOKEN,
+    tokenSecret: process.env.TWITTER_TOKEN_SECRET,
     callbackURL: '/auth/twitter/callback',
     passReqToCallback: true
   },
@@ -60,4 +60,6 @@ module.exports = {
     passReqToCallback: true
   },
   slackHook: process.env.SLACK_WEBHOOK,
+
+  cookieSecret: process.env.COOKIE_SECRET
 };
diff --git a/server/server.js b/server/server.js
index 4e4c7b02bd..3f1d8b6983 100755
--- a/server/server.js
+++ b/server/server.js
@@ -65,7 +65,7 @@ app.use(expressValidator({
   }
 }));
 app.use(methodOverride());
-app.use(cookieParser());
+app.use(cookieParser(secrets.cookieSecret));
 app.use(session({
   resave: true,
   saveUninitialized: true,