diff --git a/app/__init__.py b/app/__init__.py
index 2d20ff9..4f19735 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -8,6 +8,10 @@ import time
 app = Flask(__name__)
 app.config.from_object(Config)
+# Check security of secret
+if Config.SECRET_KEY == "a-random-secret-key":
+ raise Exception("Please use a strong secret key!")
+
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
diff --git a/app/routes/forum/index.py b/app/routes/forum/index.py
index 6ca1e19..0053338 100644
--- a/app/routes/forum/index.py
+++ b/app/routes/forum/index.py
@@ -1,13 +1,15 @@
 from flask_login import current_user
 from flask import request, redirect, url_for, abort, flash
+from app import app, db
+from config import V5Config
 from app.utils.render import render
 from app.forms.forum import TopicCreationForm
 from app.models.forum import Forum
 from app.models.topic import Topic
 from app.models.thread import Thread
 from app.models.comment import Comment
-from app import app, db
+
 @app.route('/forum/')
 def forum_index():
@@ -36,6 +38,9 @@ def forum_page(f):
 db.session.add(t)
 db.session.commit()
+ # Update member's xp
+ current_user.add_xp(V5Config.XP_POINTS['topic'])
+
 flash('Le sujet a bien été créé', 'ok')
 return redirect(url_for('forum_topic', f=f, t=t))
diff --git a/app/routes/forum/topic.py b/app/routes/forum/topic.py
index 0a4d67c..aa4df91 100644
--- a/app/routes/forum/topic.py
+++ b/app/routes/forum/topic.py
@@ -22,6 +22,10 @@ def forum_topic(f, t):
 c = Comment(current_user, form.message.data, t.thread)
 db.session.add(c)
 db.session.commit()
+
+ # Update member's xp
+ current_user.add_xp(V5Config.XP_POINTS['comment'])
+
 flash('Message envoyé', 'ok')
 # Redirect to empty the form
 return redirect(url_for('forum_topic', f=f, t=t))
diff --git a/config.py b/config.py
index 1501d3b..892ccd5 100644
--- a/config.py
+++ b/config.py
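Review bot: In app/__init__.py the start-up guard compares `Config.SECRET_KEY` with one literal only, so an empty or very short key still passes, and the check silently stops matching if the placeholder in local_config.py.default is ever reworded. I would reject falsy and short values too and raise a more specific exception: `if not Config.SECRET_KEY or len(Config.SECRET_KEY) < 32 or Config.SECRET_KEY == "a-random-secret-key":` followed by `raise RuntimeError("Please use a strong secret key!")`. The 32-character floor is a suggested value, not something the project defines. The comment `# Check security of secret` could also state why start-up is refused: this key signs the session cookie, so a publicly known value lets anyone forge one.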
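Review bot: In forum_page (app/routes/forum/index.py, hunk at -36,6) `current_user.add_xp(...)` runs after `db.session.commit()`, so the topic and its XP award are not written in one transaction. `add_xp` is defined outside this diff: if it does not commit on its own the XP change is left pending in the session, and if it does, a failure there leaves a stored topic with no XP. Placing `current_user.add_xp(V5Config.XP_POINTS['topic'])` before `db.session.commit()` keeps both in one unit. The same ordering appears in the forum_topic hunk of app/routes/forum/topic.py, and forum_page's body starts and ends outside the hunk.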
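Review bot: app/routes/forum/topic.py now references `V5Config` in forum_topic, but this commit adds `from config import V5Config` only to app/routes/forum/index.py and shows no import hunk for topic.py. Unless topic.py already imports it above line 22 (not visible here), posting a comment will raise NameError after the comment row has been committed. If it is missing, add `from config import V5Config` to the imports of topic.py. forum_topic's body extends beyond the hunk on both sides.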
@@ -1,14 +1,16 @@
 import os
 import datetime
-from local_config import DB_NAME
+from local_config import DB_NAME, SECRET_KEY
 class Config(object):
- SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
+ SECRET_KEY = os.environ.get('SECRET_KEY') or SECRET_KEY
 SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
 'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' + DB_NAME
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 UPLOAD_FOLDER = './app/static/avatars'
+ SESSION_COOKIE_SECURE = True
+ REMEMBER_COOKIE_SECURE = True
 class V5Config(object):
@@ -27,3 +29,11 @@ class V5Config(object):
 THREAD_NAME_MAXLEN = 32
 # Remember-me cookie duration time
 REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
+ # XP points for content posting (and deletion)
+ XP_POINTS = {
+ 'topic': 2,
+ 'program': 5,
+ 'tutorial': 5,
+ 'comment': 1,
+ 'contest': 10,
+ }
diff --git a/local_config.py.default b/local_config.py.default
index b6dfff2..e21a830 100644
--- a/local_config.py.default
+++ b/local_config.py.default
@@ -2,3 +2,4 @@ DB_NAME = "pcv5"
 USE_LDAP = False
 LDAP_PASSWORD = "openldap"
 LDAP_ORGANIZATION = "o=planet-casio"
+SECRET_KEY = "a-random-secret-key" # CHANGE THIS VALUE *NOW*
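Review bot: In config.py the two added cookie settings in `Config` cover only the Secure flag, leaving `SESSION_COOKIE_SAMESITE` and `REMEMBER_COOKIE_HTTPONLY` at library defaults. Flask leaves SameSite unset by default, and the remember-cookie HttpOnly default depends on the installed Flask-Login version, so I would set both explicitly next to the new lines: `SESSION_COOKIE_SAMESITE = 'Lax'` and `REMEMBER_COOKIE_HTTPONLY = True`. A short comment that `SESSION_COOKIE_SECURE = True` stops sessions from persisting over plain-HTTP development servers would save the next developer some debugging. Separately, `from local_config import DB_NAME, SECRET_KEY` fails with ImportError on an existing local_config.py that lacks the name, even when the SECRET_KEY environment variable is set.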
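Review bot: In local_config.py.default the inline comment `# CHANGE THIS VALUE *NOW*` does not say what an acceptable value looks like. I would extend it to describe a long random string and how to produce one, for example `# CHANGE THIS: generate with python -c "import secrets; print(secrets.token_hex(32))"`. Since the real local_config.py now holds a signing secret, it should stay out of version control and be readable only by the service account; whether it is already ignored is not visible in this commit.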