diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
index 1719b97b4..528e2a2bc 100644
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
@@ -88,7 +88,10 @@ public boolean validate(ProceedingJoinPoint pjp) {
             HttpSession session = request.getSession(false);
             if (session == null) throw new AuthorizeException("未登录", 401);
             user = httpSessionManager.getUserBySessionId(session.getId());
-            if (user == null) throw new AuthorizeException("未登录", 401);
+            if (user == null)
+                user = (User) session.getAttribute("user");
+            if (user == null)
+                throw new AuthorizeException("未登录", 401);
         }
         if (config.isEmpty()) return true;
         Map<String, Object> param = new LinkedHashMap<>();