diff --git a/development.ini b/development.ini index 4d3d976..756d0e2 100644 --- a/development.ini +++ b/development.ini @@ -19,7 +19,10 @@ sqlalchemy.url = sqlite:///%(here)s/ordr.sqlite retry.attempts = 3 -auth.secret = 'change me!' +auth.secret = 'Change Me 1' +session.secret = 'Change Me 2' +session.auto_csrf = true +static_views.cache_max_age = 0 # passlib settings # setup the context to support only argon2 for the moment diff --git a/ordr/__init__.py b/ordr/__init__.py index bce273c..2034961 100644 --- a/ordr/__init__.py +++ b/ordr/__init__.py @@ -1,4 +1,5 @@ from pyramid.config import Configurator +from pyramid.session import SignedCookieSessionFactory __version__ = '0.0.1' @@ -8,6 +9,11 @@ def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ config = Configurator(settings=settings) + + session_factory = SignedCookieSessionFactory(settings['session.secret']) + config.set_session_factory(session_factory) + config.set_default_csrf_options(require_csrf=settings['session.auto_csrf']) + config.include('pyramid_jinja2') config.include('.models') config.include('.resources')
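Review bot: The new `auth.secret` and `session.secret` lines in development.ini carry guessable placeholder values, and nothing in this change stops them from signing real auth tickets and session cookies if the file is copied as the basis for a deployment. A comment above them would make the expectation explicit, e.g. `# development placeholders only: use a separate, randomly generated value per secret in any deployed config`. As far as I know the ini parser does not strip the surrounding quotes, so they become part of the secret; that is harmless, but dropping them avoids confusion.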
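Review bot: `require_csrf=settings['session.auto_csrf']` in `main` passes the raw ini string, so `session.auto_csrf = false` would still be truthy and the setting could not switch the default off (this appears to fail closed, but the option is misleading). Converting it explicitly fixes that: add `from pyramid.settings import asbool` and call `config.set_default_csrf_options(require_csrf=asbool(settings['session.auto_csrf']))`. Separately, `SignedCookieSessionFactory(settings['session.secret'])` keeps the default cookie flags, and the cookie is signed rather than encrypted. Consider passing `httponly=True` (and `secure=True` outside development), and add a comment that nothing confidential belongs in the session. The body of `main` continues past the end of this hunk.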