diff --git a/src/lib/Server.js b/src/lib/Server.js
index d2e9d070..014bb484 100644
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@@ -2,6 +2,7 @@
 const path = require('path');
 const bcrypt = require('bcryptjs');
+const crypto = require('node:crypto');
 const express = require('express');
 const expressSession = require('express-session');
@@ -27,9 +28,10 @@ module.exports = class Server {
 .use('/', express.static(path.join(__dirname, '..', 'www')))
 .use(express.json())
 .use(expressSession({
- secret: String(Math.random()),
+ secret: crypto.randomBytes(256).toString('hex'),
 resave: true,
 saveUninitialized: true,
+ secure: true,
 }))
 .get('/api/release', (Util.promisify(async () => {
diff --git a/src/www/js/app.js b/src/www/js/app.js
index 2021ea2e..ee3c1161 100644
--- a/src/www/js/app.js
+++ b/src/www/js/app.js
@@ -131,7 +131,7 @@ new Vue({
 const clients = await this.api.getClients();
 this.clients = clients.map((client) => {
 if (client.name.includes('@') && client.name.includes('.')) {
- client.avatar = `https://www.gravatar.com/avatar/${md5(client.name)}?d=blank`;
+ client.avatar = `https://www.gravatar.com/avatar/${sha512(client.name)}?d=blank`;
 }
 if (!this.clientsPersist[client.id]) {
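Review bot: The added `secure: true` sits at the top level of the `expressSession({...})` options, where express-session does not read it; the cookie's Secure attribute is set through `cookie.secure`, so as written the session cookie is still issued without it. If an HTTPS-only cookie is the intent, it should be `cookie: { secure: true },`. With that setting express-session will not set the cookie on plain-HTTP requests, and behind a TLS-terminating proxy the app also needs `trust proxy` enabled, so `cookie: { secure: 'auto' },` may be the safer form if the UI is ever served over HTTP. The `express()` chain starts and continues outside the hunk.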
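Review bot: Replacing `md5` with `sha512` in the avatar URL is likely to break avatars rather than harden anything: Gravatar looks images up by the MD5 or SHA-256 hash of the trimmed, lower-cased e-mail address and, to my knowledge, does not accept SHA-512 digests, so with `?d=blank` every client would silently get a blank image. The hash here is a lookup key dictated by the service, not a password or integrity check, so the usual reason for retiring MD5 does not apply; if MD5 must go, `sha256(client.name.trim().toLowerCase())` is the form to use, assuming a `sha256` helper is loaded on the page. No `sha512` definition is visible in this hunk either, so confirm that the script providing it is included. The surrounding method starts and ends outside the hunk.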