diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ad22dac..f9f7ccd1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 * The API is now enabled by default and the API key -- if not yet set -- will be automatically generated on first server start and written back into ``config.yaml``
 * Event subscriptions are now enabled by default (it was an accident that they weren't)
+* Generate the key used for session hashing individually for each server instance
 ### Bug Fixes
diff --git a/src/octoprint/server/__init__.py b/src/octoprint/server/__init__.py
index 8b09db57..fd872141 100644
--- a/src/octoprint/server/__init__.py
+++ b/src/octoprint/server/__init__.py
@@ -155,7 +155,15 @@ class Server():
 app.wsgi_app = ReverseProxied(app.wsgi_app)
- app.secret_key = "k3PuVYgtxNm8DXKKTw2nWmFQQun9qceV"
+ secret_key = settings().get(["server", "secretKey"])
+ if not secret_key:
+ import string
+ from random import choice
+ chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
+ secret_key = "".join(choice(chars) for _ in xrange(32))
+ settings().set(["server", "secretKey"], secret_key)
+ settings().save()
+ app.secret_key = secret_key
 loginManager = LoginManager()
 loginManager.session_protection = "strong"
 loginManager.user_callback = load_user
diff --git a/src/octoprint/settings.py b/src/octoprint/settings.py
index 8ed0c86f..68ba8b8f 100644
--- a/src/octoprint/settings.py
+++ b/src/octoprint/settings.py
@@ -41,6 +41,7 @@ default_settings = {
 "host": "0.0.0.0",
 "port": 5000,
 "firstRun": True,
+ "secretKey": None,
 "baseUrl": "",
 "scheme": ""
 },
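Review bot: `random.choice` on the added line that builds `secret_key` in `src/octoprint/server/__init__.py` draws from the module's Mersenne Twister generator, which the `random` documentation states is not suitable for security purposes, yet this value is what Flask uses to sign every session cookie. Draw it from the OS-backed generator instead: replace `from random import choice` with `from random import SystemRandom` and the generation line with `secret_key = "".join(SystemRandom().choice(chars) for _ in xrange(32))` (the `xrange` call marks this as Python 2, where `secrets` is not available). A 32-character key over 62 symbols carries roughly 190 bits, which is ample once the source is unpredictable. The generated secret is also persisted through `settings().save()` into the same config file that already stores the API key, so it presumably inherits that file's permissions; worth confirming the file is not readable by other local users. The enclosing method of `Server` starts and ends outside the hunk.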