diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
index 466027836..c319584c1 100644
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
@@ -73,14 +73,17 @@ public static void removeCurrentUser() {
     public static User getLoginUser(HttpServletRequest request) {
         if (request == null) return ThreadLocalUtils.get("current-user");
         HttpSession session = request.getSession(false);
-        if (session == null) {
+        User user = null;
+        if (session != null) {
+            user = getLoginUser(session);
+        }
+        if (user == null) {
             OAuth2Manager manager = OAuth2ManagerHolder.getManager();
             if (manager != null) {
-                return manager.getUserByRequest(request);
+                user = manager.getUserByRequest(request);
             }
-            return null;
         }
-        return getLoginUser(session);
+        return user;
     }
 
     public static Map<String, String> getHeaders(HttpServletRequest request) {