diff --git a/options.go b/options.go
index 2a5ec97a4..a51e4747f 100644
--- a/options.go
+++ b/options.go
@@ -131,8 +131,12 @@ func optionsWithDefaults(opts Options) Options {
 if opts.SessionStore == nil {
 secret := envy.Get("SESSION_SECRET", "")
 // In production a SESSION_SECRET must be set!
- if opts.Env == "production" && secret == "" {
- logrus.Warn("Unless you set SESSION_SECRET env variable, your session storage is not protected!")
+ if secret == "" {
+ if opts.Env == "development" || opts.Env == "test" {
+ secret = "buffalo-secret"
+ } else {
+ logrus.Warn("Unless you set SESSION_SECRET env variable, your session storage is not protected!")
+ }
 }
 opts.SessionStore = sessions.NewCookieStore([]byte(secret))
 }
diff --git a/options_test.go b/options_test.go
new file mode 100644
index 000000000..7fcfc13f1
--- /dev/null
+++ b/options_test.go
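Review bot: The new development/test branch sets `secret = "buffalo-secret"` silently, so any instance whose `opts.Env` resolves to `development` or `test` signs its session cookies with a key published in the source, and nothing in the log says so. How `opts.Env` gets its value is not visible in this hunk; if it falls back to `development` when the environment variable is unset, a deployment that sets neither variable would end up on this path, so the fallback deserves its own warning, e.g. `logrus.Warn("SESSION_SECRET is not set, using the built-in development secret; do not expose this instance")` before the assignment. In the `else` branch the store is still built from an empty key and, judging by the production case in options_test.go, fails only on the first session access with `securecookie: hash key is not set`; the warning text "your session storage is not protected" does not describe that outcome. optionsWithDefaults begins and ends outside the hunk.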
@@ -0,0 +1,46 @@
+package buffalo
+
+import (
+ "net/http"
+ "strings"
+ "testing"
+
+ "github.com/gobuffalo/envy"
+ "github.com/stretchr/testify/require"
+)
+
+func TestOptions_NewOptions(t *testing.T) {
+ tests := []struct {
+ name string
+ env string
+ secret string
+ expectErr string
+ }{
+ {name: "Development doesn't fail with no secret", env: "development", secret: "", expectErr: "securecookie: the value is not valid"},
+ {name: "Development doesn't fail with secret set", env: "development", secret: "secrets", expectErr: "securecookie: the value is not valid"},
+ {name: "Test doesn't fail with secret set", env: "test", secret: "", expectErr: "securecookie: the value is not valid"},
+ {name: "Test doesn't fail with secret set", env: "test", secret: "secrets", expectErr: "securecookie: the value is not valid"},
+ {name: "Production fails with no secret", env: "production", secret: "", expectErr: "securecookie: hash key is not set"},
+ {name: "Production doesn't fail with secret set", env: "production", secret: "secrets", expectErr: "securecookie: the value is not valid"},
+ }
+
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ r := require.New(t)
+ envy.Temp(func() {
+ envy.Set("GO_ENV", test.env)
+ envy.Set("SESSION_SECRET", test.secret)
+
+ opts := NewOptions()
+
+ req, _ := http.NewRequest("GET", "/", strings.NewReader(""))
+ req.AddCookie(&http.Cookie{Name: "_buffalo_session"})
+
+ _, err := opts.SessionStore.New(req, "_buffalo_session")
+
+ r.Error(err)
+ r.Equal(test.expectErr, err.Error())
+ })
+ })
+ }
+}
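Review bot: The table has no row for an environment name outside `development`, `test` and `production`, so nothing pins that such a name with an empty SESSION_SECRET does not receive the built-in secret; a row such as `{name: "Staging fails with no secret", env: "staging", secret: "", expectErr: "securecookie: hash key is not set"}` would cover it (`staging` is only a sample name). The third row is named "Test doesn't fail with secret set" although its secret is empty, which duplicates the fourth row's name; `Test doesn't fail with no secret` matches the data. The error from `http.NewRequest` is discarded with `_`; checking it with `r.NoError` before `req.AddCookie` would report a setup failure as a test failure instead of a nil dereference.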