diff --git a/config.json.example b/config.json.example
index f2274ce940..1aa62936b7 100644
--- a/config.json.example
+++ b/config.json.example
@@ -22,6 +22,8 @@
   "CRON_SEMI_SAFE_MODE":"false",
   "MAINTENANCE_MODE": "false",
   "SESSION_SECRET":"YOUR SECRET HERE",
+  "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+  "SESSION_SECRET_IV": "12345678912345678912345678912345",
   "ADMIN_EMAIL": "you@example.com",
   "SMTP_USER":"user@example.com",
   "SMTP_PASS":"password",
diff --git a/website/server/libs/encryption.js b/website/server/libs/encryption.js
index 390c59234e..36fff3f521 100644
--- a/website/server/libs/encryption.js
+++ b/website/server/libs/encryption.js
@@ -1,24 +1,26 @@
 import {
-  createCipher,
-  createDecipher,
+  createCipheriv,
+  createDecipheriv,
 } from 'crypto';
 import nconf from 'nconf';
 
 const algorithm = 'aes-256-ctr';
-const SESSION_SECRET = nconf.get('SESSION_SECRET');
+const SESSION_SECRET_KEY = nconf.get('SESSION_SECRET_KEY');
+const SESSION_SECRET_IV = nconf.get('SESSION_SECRET_IV');
+
+const key = Buffer.from(SESSION_SECRET_KEY, 'hex');
+const iv = Buffer.from(SESSION_SECRET_IV, 'hex');
 
 export function encrypt (text) {
-  let cipher = createCipher(algorithm, SESSION_SECRET);
+  const cipher = createCipheriv(algorithm, key, iv);
   let crypted = cipher.update(text, 'utf8', 'hex');
-  crypted += cipher.final('hex');
   return crypted;
 }
 
 export function decrypt (text) {
-  let decipher = createDecipher(algorithm, SESSION_SECRET);
+  const decipher = createDecipheriv(algorithm, key, iv);
   let dec = decipher.update(text, 'hex', 'utf8');
-  dec += decipher.final('utf8');
   return dec;
 }
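Review bot: The new example values `"1234567891…"` are well-formed hex of exactly the lengths `createCipheriv` accepts (64 and 32 characters), so a deployment that copies config.json.example unchanged runs with a predictable key and IV and nothing fails, whereas the neighbouring `SESSION_SECRET` line uses the non-hex `"YOUR SECRET HERE"` placeholder that cannot be mistaken for a real value. JSON cannot carry a comment, so the place to state that each operator must generate their own values (for example with `openssl rand -hex 32` and `openssl rand -hex 16`) is the setup documentation, which I cannot see from this diff. A placeholder of the wrong length would at least make `createCipheriv` reject the key on first use instead of silently running with the example one.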
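Review bot: The IV is a fixed module-level constant (`const iv = Buffer.from(SESSION_SECRET_IV, 'hex')`) passed to every `createCipheriv(algorithm, key, iv)` call, so every value `encrypt` produces under a given key is combined with the same CTR keystream; the old createCipher path had the same weakness, but the commit does not fix it, and a nonce reused in CTR mode lets a party holding two ciphertexts cancel the keystream and recover the XOR of the plaintexts. The rewrite below draws a fresh IV from `randomBytes(16)` per call, prepends it to the hex output and has `decrypt` read it back, which also makes SESSION_SECRET_IV unnecessary; `randomBytes` must be added to the `crypto` import. The two removed `.final()` calls are harmless only because `aes-256-ctr` is a stream mode, so the rewrite keeps them rather than silently truncating output if `algorithm` is ever changed to a block mode. Because `Buffer.from(str, 'hex')` stops at the first non-hex character instead of throwing, a placeholder copied over from config (in the `"YOUR SECRET HERE"` style used for SESSION_SECRET) yields a short key that only fails at the first encrypt call; a startup check such as `if (key.length !== 32) throw new Error('SESSION_SECRET_KEY must be 64 hex characters');` fails fast instead. Moving from password-derived keys to raw hex keys means anything encrypted by the old createCipher path can no longer be decrypted — I cannot tell from the hunk whether such values are persisted, but if they are, a migration is needed.
```javascript
// … unchanged: imports (add randomBytes to the 'crypto' import), nconf, algorithm, key …
const IV_LENGTH = 16; // AES block size; one CTR nonce per message

export function encrypt (text) {
  const iv = randomBytes(IV_LENGTH); // fresh nonce per call; never reused with the same key
  const cipher = createCipheriv(algorithm, key, iv);
  const crypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return `${iv.toString('hex')}${crypted.toString('hex')}`;
}

export function decrypt (text) {
  const iv = Buffer.from(text.slice(0, IV_LENGTH * 2), 'hex');
  const decipher = createDecipheriv(algorithm, key, iv);
  const dec = Buffer.concat([decipher.update(text.slice(IV_LENGTH * 2), 'hex'), decipher.final()]);
  return dec.toString('utf8');
}
```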