diff --git a/route/__init__.py b/route/__init__.py
index c582d6910..49f10ec2f 100755
--- a/route/__init__.py
+++ b/route/__init__.py
@@ -46,7 +46,7 @@ except:
     app.config['SESSION_FILE_THRESHOLD'] = 1024
     app.config['SESSION_FILE_MODE'] = 384
 
-app.config['SESSION_PERMANENT'] = True
+app.config['SESSION_PERMANENT'] = False
 app.config['SESSION_USE_SIGNER'] = True
 app.config['SESSION_KEY_PREFIX'] = 'MW_:'
 app.config['SESSION_COOKIE_NAME'] = "MW_VER_1"
@@ -117,10 +117,11 @@ def checkLogin():
 
 @app.route("/login")
 def login():
-
+    print session
     dologin = request.args.get('dologin', '')
     if dologin == 'True':
         session.clear()
+        return redirect('/login')
 
     if isLogined():
         return redirect('/')
@@ -162,7 +163,7 @@ def index(reqClass=None, reqAction=None, reqData=None):
     classFile = ('config', 'control', 'crontab', 'files', 'firewall',
                  'index', 'plugins', 'login', 'system', 'site', 'task', 'soft')
     if not reqClass in classFile:
-        return '403 no access!'
+        return redirect('/')
 
     if reqAction == None:
         if not isLogined():
diff --git a/route/templates/default/login.html b/route/templates/default/login.html
index 9f21f1113..b65b793c1 100755
--- a/route/templates/default/login.html
+++ b/route/templates/default/login.html
@@ -209,7 +209,9 @@ $('#login-button').click(function(){
 	$.post('/do_login',data,function(rdata){
 		layer.close(loadT);
 		if(!rdata.status){
-			if(username == 'admin' && rdata.msg.indexOf('用户名') != -1) rdata.msg += ', <br>获取默认用户和密码命令： mw default';
+			if(username == 'admin' && rdata.msg.indexOf('用户名') != -1){
+				rdata.msg += ', <br>获取默认用户和密码命令： mw default';
+			}
 			$("#errorStr").html(rdata.msg);
 			$("input[name='password']").val('');
 			num = rdata.msg.substring(rdata.msg.indexOf('[')+1,rdata.msg.indexOf(']'))