Fill session cookie secret with random generated app_uuid.
By default this setup is much more secure since it uses
SignedCookies instead of plain ones