diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index b203cf8485..565c65de2f 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -3,11 +3,16 @@
 # Your secret key for verifying the integrity of signed cookies.
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Openfoodnetwork::Application.config.secret_token = if Rails.env.development? or Rails.env.test?
+# no regular words or you'll be exposed to dictionary attacks.
+
+secret_key = if Rails.env.development? or Rails.env.test?
 ('x' * 30) # Meets basic minimum of 30 chars.
 else
 ENV["SECRET_TOKEN"]
 end
 
-Openfoodnetwork::Application.config.secret_key_base = 'ceb1eb86c50285e696f899b2e7ea306d1ec1e81fe5c7af0e5cbc238bebe3fd60f19df7b9076fab836182821ebe14e41b64bdcdb4370520dc5bb711c1bc0ae616'
+# Rails 4+ key for signing and encrypting cookies.
+Openfoodnetwork::Application.config.secret_key_base = secret_key
+
+# Legacy secret_token variable. This is still used directly for encryption.
+Openfoodnetwork::Application.config.secret_token = secret_key
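Review bot: The `else` branch takes `ENV["SECRET_TOKEN"]` unchecked, so outside development and test an unset, empty or short variable now feeds both `secret_key_base` and `secret_token`, and nothing in this initializer enforces the 30-random-character minimum that the header comment asks for. Failing at boot would be safer: use `ENV.fetch("SECRET_TOKEN")` in that branch and add, after the `end`, `raise "SECRET_TOKEN must be at least 30 characters" if secret_key.to_s.length < 30`. The two settings also share one value; if legacy signed cookies no longer need to be readable (the new comment suggests they still are, so this needs confirming), a separate variable for `secret_key_base` would keep one secret per purpose. The literal removed here stays in the repository history, so it should not be reused as the deployed `SECRET_TOKEN` value.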