diff --git a/rowers/longtask.py b/rowers/longtask.py
index f1fb8823..fda8bf90 100644
--- a/rowers/longtask.py
+++ b/rowers/longtask.py
@@ -61,7 +61,7 @@ def longtask(aantal,jobid=None,debug=False,
 
     return 1
 
-def longtask2(aantal,jobid=None,debug=False):
+def longtask2(aantal,jobid=None,debug=False,secret=''):
     counter = 0
 
     channel = 'tasks'
@@ -80,7 +80,8 @@ def longtask2(aantal,jobid=None,debug=False):
                     url = SITE_URL
                 url += "/rowers/record-progress/"
                 url += str(progress)+"/"+jobid
-                s = requests.get(url)
+                post_data = {"secret":secret}
+                s = requests.post(url, data=post_data)
                 if debug:
                     print url
                     print s
diff --git a/rowers/views.py b/rowers/views.py
index 7b9114fa..17f9ba5f 100644
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -14,6 +14,7 @@ from django.views.generic.base import TemplateView
 from django.db.models import Q
 from django import template
 from django.db import IntegrityError, transaction
+from django.views.decorators.csrf import csrf_exempt
 
 from django.shortcuts import render
 from django.http import (
@@ -349,7 +350,8 @@ def test_job_view(request,aantal=100):
 def test_job_view2(request,aantal=100):
 
 
-    job = myqueue(queuehigh,long_test_task2,int(aantal))
+    job = myqueue(queuehigh,long_test_task2,int(aantal),
+                  secret=settings.PROGRESS_CACHE_SECRET)
 
 
     try:
@@ -361,14 +363,22 @@ def test_job_view2(request,aantal=100):
 
     return HttpResponseRedirect(url)
 
+@csrf_exempt
 def post_progress(request,id=None,value=0):
-    if id:
-        cache.set(id,value,3600)
+    if request.method == 'POST':
+        secret = request.POST['secret']
+        if secret == settings.PROGRESS_CACHE_SECRET:
+            if id:
+                cache.set(id,value,3600)
+                # test
+                result = cache.get(id)
 
-    # test
-    result = cache.get(id)
+                return HttpResponse('progress cached '+str(result),status=200)
+        else:
+            return HttpResponse('access denied',status=400)
 
-    return HttpResponse('progress cached '+str(result),status=200)
+    else:
+        return HttpResponse('hi',status=200)
     
 def get_all_queued_jobs(userid=0):
     r = StrictRedis()
@@ -9508,7 +9518,7 @@ def strokedataform(request,id=0):
 # Process the POSTed stroke data according to the API definition
 # Return the GET stroke data according to the API definition
 from rest_framework_swagger.renderers import OpenAPIRenderer, SwaggerUIRenderer
-from django.views.decorators.csrf import csrf_exempt
+
 @csrf_exempt
 @login_required()
 @api_view(['GET','POST'])
diff --git a/rowsandall_app/settings.py b/rowsandall_app/settings.py
index 7f8a63b2..ac9b9a8d 100644
--- a/rowsandall_app/settings.py
+++ b/rowsandall_app/settings.py
@@ -221,6 +221,10 @@ LOGIN_REDIRECT_URL = '/rowers/list-workouts/'
 LOGIN_URL = '/login/'
 LOGOUT_URL = '/logout/'
 
+# Update Cache with task progress password
+
+PROGRESS_CACHE_SECRET = CFG['progress_cache_secret']
+
 # Concept 2
 C2_CLIENT_ID = CFG['c2_client_id']
 C2_CLIENT_SECRET = CFG['c2_client_secret']