diff --git a/Makefile b/Makefile
index 0985d2c..3f97660 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,5 @@
+all: config/ci_com_pub.pem config/session_secret
+
 config/ci_com_pub.pem: config/ci_com.pem
 openssl rsa -pubout -in $< -out $@
 chmod 777 $@
@@ -5,3 +7,6 @@ config/ci_com_pub.pem: config/ci_com.pem
 config/ci_com.pem:
 openssl genrsa -out $@ 1024
 chmod 700 $@
+
+config/session_secret:
+ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 > $@
diff --git a/app/routes/ApiRtes.js b/app/routes/ApiRtes.js
index 59bb055..dabe588 100644
--- a/app/routes/ApiRtes.js
+++ b/app/routes/ApiRtes.js
@@ -3,8 +3,10 @@ var PolyUserServ = require('../services/PolyUserServ');
 var DecryptServ = require('../services/DecryptServ');
 var ConvsServ = require('../services/ConvsServ');
 var MessServ = require('../services/MessServ');
+var fs = require('fs');
 var express = require('express');
-session = require('express-session');
+var session = require('express-session');
+var MongoStore = require('connect-mongo')(session);
 var api = express();
@@ -98,7 +100,9 @@ api.use(session({
 name: 'membreCool',
 resave: false,
 saveUninitialized: true,
- secret: "Le Club Info c'est cool" // TODO Vrai secret https://gist.github.com/earthgecko/3089509
+ secret: fs.readFileSync('config/session_secret', {
+ encoding: 'UTF8'
+ })
 }));
 api.get('/session', function (req, res) { // Informations sur la session
diff --git a/server.js b/server.js
index 96c07ee..6dc4281 100644
--- a/server.js
+++ b/server.js
@@ -2,7 +2,6 @@ var express = require('express');
 var mongoose = require('mongoose');
 var bodyParser = require('body-parser');
-var cookieParser = require('cookie-parser');
 // Application ================================================================
@@ -20,9 +19,6 @@ app.use(bodyParser.urlencoded({
 extended: true
 }));
-// Cookie-parser
-app.use(cookieParser());
-
 // Routes
 require('./app/routes')(app);
-- 
libgit2 0.21.2
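Review bot: The new `all` target in the first Makefile hunk is not declared phony, so a file or directory named `all` in the repository root would make `make` report it as up to date and skip generating `config/session_secret`. Adding `.PHONY: all` above the rule avoids that.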
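Review bot: The `config/session_secret` recipe in the second Makefile hunk creates the file under the caller's default umask, so on a typical setup the session signing secret is readable by other local users, whereas the private-key rule just above it at least follows its write with a `chmod`. Restrict the mode before any data is written by starting the recipe line with `umask 077;`, or at minimum add `chmod 600 $@` as a second recipe line. Note also that `head -n 1` leaves a trailing newline in the file, which the reader in `app/routes/ApiRtes.js` will include in the secret unless it trims it.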
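Review bot: `MongoStore` is required in the first `app/routes/ApiRtes.js` hunk, but no visible line passes a `store` option to `session(...)`, so as far as this diff shows sessions still use express-session's default in-memory store, which is lost on restart and not intended for production. If a Mongo-backed store is the intent, the options object in the second hunk needs a `store: new MongoStore(...)` entry with the connection options for the installed connect-mongo version. Otherwise the unused require should be dropped. The diff does not touch `package.json`, so it is worth confirming that `connect-mongo` is declared there. The options object opens on the hunk header line, so entries before `name` may exist outside the hunk.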
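Review bot: The secret in the second `app/routes/ApiRtes.js` hunk is read from the relative path `'config/session_secret'`, which resolves against the process working directory rather than this module, so starting the server from another directory either throws at load or reads an unrelated file. Anchor the path to the module and strip the newline the Makefile recipe leaves behind: `secret: fs.readFileSync(path.join(__dirname, '../../config/session_secret'), 'utf8').trim()`, with `var path = require('path');` next to the other requires. It is also worth failing startup with a clear error when the result is empty or shorter than the expected 32 characters, since the read succeeds on an empty or truncated file. The `session({...})` call begins outside the hunk.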