diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index 9fefdde22..2224cd130 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -154,6 +154,15 @@ default:
 #
 #mirror_plugins_assets_on_startup: false
 
+ # Your secret key for verifying cookie session data integrity. If you
+ # change this key, all old sessions will become invalid! Make sure the
+ # secret is at least 30 characters and all random, no regular words or
+ # you'll be exposed to dictionary attacks.
+ #
+ # If you have a load-balancing Redmine cluster, you have to use the
+ # same secret token on each machine.
+ #secret_token: 'change it to a long random string'
+
 # specific configuration options for production environment
 # that overrides the default ones
 production:
diff --git a/config/initializers/30-redmine.rb b/config/initializers/30-redmine.rb
index 58972b023..11a248959 100644
--- a/config/initializers/30-redmine.rb
+++ b/config/initializers/30-redmine.rb
@@ -4,6 +4,12 @@ I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
 
 require 'redmine'
 
+# Load the secret token from the Redmine configuration file
+secret = Redmine::Configuration['secret_token']
+if secret.present?
+ RedmineApp::Application.config.secret_token = secret
+end
+
 Redmine::Plugin.load
 unless Redmine::Configuration['mirror_plugins_assets_on_startup'] == false
 Redmine::Plugin.mirror_assets
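Review bot: The commented example `#secret_token: 'change it to a long random string'` is itself 33 characters long, so an administrator who only removes the `#` gets a value that meets the 30-character advice in the comment above it while being known to everyone who has read this file. Consider shipping the key with no value, `#secret_token:`, so that uncommenting it without editing leaves the setting blank. Because this file now holds the session-signing secret, the comment block should also say that the value must come from a cryptographically secure random generator and that the real `configuration.yml` should be readable only by the account running Redmine and kept out of version control.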
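Review bot: The `if secret.present?` guard accepts any non-blank string, including the placeholder shipped in `configuration.yml.example`, which is long enough to pass a minimum-length check. An installation left on that value would sign its session cookies with a publicly known key, so the initializer should refuse it at boot, for example `raise "secret_token in configuration.yml still holds the example value" if secret == 'change it to a long random string'`. The comment above the block should also state what happens when the setting is blank: the assignment is skipped and whatever `secret_token` was configured elsewhere stays in effect, which this hunk does not show.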