diff --git a/.gitignore b/.gitignore
index 434d54d874..c078d10f44 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,4 +39,7 @@ projectFilesBackup
 /_site
 
 # Changelog, which is autogenerated, not committed
-CHANGELOG.md
\ No newline at end of file
+CHANGELOG.md
+
+# Casper generated files
+/core/test/functional/*.png
\ No newline at end of file
diff --git a/core/ghost.js b/core/ghost.js
index 4d679ef490..adcea706d7 100644
--- a/core/ghost.js
+++ b/core/ghost.js
@@ -16,6 +16,7 @@ var config = require('./../config'),
     plugins = require('./server/plugins'),
     requireTree = require('./server/require-tree'),
     permissions = require('./server/permissions'),
+    uuid = require('node-uuid'),
 
 // Variables
     appRoot = path.resolve(__dirname, '../'),
@@ -83,6 +84,9 @@ Ghost = function () {
         // Holds the available plugins
         instance.availablePlugins = {};
 
+        // Holds the dbhash (mainly used for cookie secret)
+        instance.dbHash = undefined;
+
         app = express();
         polyglot = new Polyglot();
 
@@ -133,6 +137,20 @@ Ghost.prototype.init = function () {
     }).then(function () {
         // Initialize the permissions actions and objects
         return permissions.init();
+    }).then(function () {
+        // get the settings and whatnot
+        return when(models.Settings.read('dbHash')).then(function (dbhash) {
+            // we already ran this, chill
+            self.dbHash = dbhash.attributes.value;
+            return dbhash.attributes.value;
+        }).otherwise(function (error) {
+            // this is where all the "first run" functionality should go
+            var dbhash = uuid.v4();
+            return when(models.Settings.add({key: 'dbHash', value: dbhash})).then(function (returned) {
+                self.dbHash = dbhash;
+                return dbhash;
+            });
+        });
     }, errors.logAndThrowError);
 };
 
diff --git a/index.js b/index.js
index eb71bbf89f..e66aa25f96 100644
--- a/index.js
+++ b/index.js
@@ -63,7 +63,7 @@ function auth(req, res, next) {
 
 // While we're here, let's clean up on aisle 5
 // That being ghost.notifications, and let's remove the passives from there
-// plus the local messages, as the have already been added at this point
+// plus the local messages, as they have already been added at this point
 // otherwise they'd appear one too many times
 function cleanNotifications(req, res, next) {
     ghost.notifications = _.reject(ghost.notifications, function (notification) {
@@ -177,41 +177,38 @@ function disableCachedResult(req, res, next) {
     next();
 }
 
-// ##Configuration
-ghost.app().configure(function () {
-    ghost.app().use(isGhostAdmin);
-    ghost.app().use(express.favicon(__dirname + '/content/images/favicon.ico'));
-    ghost.app().use(I18n.load(ghost));
-    ghost.app().use(express.bodyParser({}));
-    ghost.app().use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
-    ghost.app().use(express.cookieParser('try-ghost'));
-    ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
-    ghost.app().use(ghost.initTheme(ghost.app()));
-
-    if (process.env.NODE_ENV !== "development") {
-        ghost.app().use(express.logger());
-        ghost.app().use(express.errorHandler({ dumpExceptions: false, showStack: false }));
-    }
-});
-
-// Development only configuration
-ghost.app().configure("development", function () {
-    ghost.app().use(express.errorHandler({ dumpExceptions: true, showStack: true }));
-    ghost.app().use(express.logger('dev'));
-});
-
-
 // Expose the promise we will resolve after our pre-loading
 ghost.loaded = loading.promise;
 
 when.all([ghost.init(), filters.loadCoreFilters(ghost), helpers.loadCoreHelpers(ghost)]).then(function () {
 
+    // ##Configuration
+    ghost.app().configure(function () {
+        ghost.app().use(isGhostAdmin);
+        ghost.app().use(express.favicon(__dirname + '/content/images/favicon.ico'));
+        ghost.app().use(I18n.load(ghost));
+        ghost.app().use(express.bodyParser({}));
+        ghost.app().use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
+        ghost.app().use(express.cookieParser(ghost.dbHash));
+        ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
+        ghost.app().use(ghost.initTheme(ghost.app()));
+        if (process.env.NODE_ENV !== "development") {
+            ghost.app().use(express.logger());
+            ghost.app().use(express.errorHandler({ dumpExceptions: false, showStack: false }));
+        }
+    });
+
+    // Development only configuration
+    ghost.app().configure("development", function () {
+        ghost.app().use(express.errorHandler({ dumpExceptions: true, showStack: true }));
+        ghost.app().use(express.logger('dev'));
+    });
+
     // post init config
     ghost.app().use(ghostLocals);
-    // because science
+    // So on every request we actually clean out reduntant passive notifications from the server side
     ghost.app().use(cleanNotifications);
 
-
     // ## Routing
 
     // ### API routes