diff --git a/app/api/BaseController.php b/app/api/BaseController.php
index 7f9668c..912c459 100644
--- a/app/api/BaseController.php
+++ b/app/api/BaseController.php
@@ -97,10 +97,15 @@ abstract class BaseController
 protected function checkLogin()
 {
 $session_admin = get_config('app.session_admin');
- if (!Session::has($session_admin)) {
+ $header = Request::header();
+ $token = $header['token'] ?? '';
+ if (!Session::has($session_admin) || !$token) {
 $this->apiError('请先登录');
 }
- else{
+ if ($token) {
+
+ }
+ if (Session::has($session_admin)) {
 $this->uid = Session::get($session_admin);
 $login_admin = Db::name('Admin')->where(['id' => $this->uid])->find();
 $this->did = $login_admin['did'];
diff --git a/app/home/controller/Login.php b/app/home/controller/Login.php
index d82ff52..f4b9332 100644
--- a/app/home/controller/Login.php
+++ b/app/home/controller/Login.php
@@ -46,16 +46,17 @@ class Login
 if ($admin['status'] != 1) {
 return to_assign(1, '该用户禁止登录,请与管理者联系');
 }
+ $token = make_token();
 $data = [
 'is_lock' => 0,
 'last_login_time' => time(),
 'last_login_ip' => request()->ip(),
 'login_num' => $admin['login_num'] + 1,
+ 'token' => $token
 ];
 Db::name('admin')->where(['id' => $admin['id']])->update($data);
 $session_admin = get_config('app.session_admin');
 Session::set($session_admin, $admin['id']);
- $token = make_token();
 set_cache($token, $admin, 7200);
 $admin['token'] = $token;
 $logdata = [
@@ -69,7 +70,7 @@ class Login
 'create_time' => time()
 ];
 Db::name('AdminLog')->strict(false)->field(true)->insert($logdata);
- return to_assign(0, '登录成功', ['uid' => $admin['id']]);
+ return to_assign(0, '登录成功', ['uid' => $admin['id'], 'token' => $token]);
 }
 //退出登录
diff --git a/app/home/validate/UserCheck.php b/app/home/validate/UserCheck.php
index ba67a18..cdc50f9 100644
--- a/app/home/validate/UserCheck.php
+++ b/app/home/validate/UserCheck.php
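Review bot: In `checkLogin()` the new guard only tests that a `token` header is non-empty (`!$token`); the value is never compared with anything and the added `if ($token) { }` block is empty, so any non-empty header is accepted once a session exists. Validate it against the value issued at login, for example right after `$login_admin` is loaded: `if (!$login_admin || !hash_equals((string) $login_admin['token'], $token)) { $this->apiError('请先登录'); }`. Control also falls through to the later `if` after `apiError()`, so the guard relies on that helper ending the request; its definition and the rest of this method are outside the hunk.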
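Review bot: The new `'token' => $token` entry in `$data` writes the bearer token to the `admin` row in clear text and with no expiry, while the cache entry from `set_cache($token, $admin, 7200)` lapses after 7200 seconds. Anyone who can read that table (a backup, a dump, a query log of this update) obtains a replayable credential. Store a digest instead, `'token' => hash('sha256', $token)`, have the verifier hash the presented header before comparing, and decide which store is authoritative so the 7200-second lifetime is actually enforced. `make_token()` is defined outside this page, so confirm it draws from `random_bytes()` or another CSPRNG. The method starts and ends outside this hunk.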
@@ -14,7 +14,7 @@ class UserCheck extends Validate
 protected $rule = [
 'username' => 'require',
 'password' => 'require',
- 'captcha' => 'require|captcha',
+ 'captcha' => 'captcha',
 ];
 protected $message = [
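Review bot: Dropping `require` from the `captcha` rule makes the captcha optional: assuming `Validate` here is ThinkPHP's validator, a rule without `require` is skipped when the field is absent or empty, so a login request that omits `captcha` is no longer challenged. That removes the throttle on password guessing for every caller of `UserCheck`, not only for token-based API clients. Keep `'captcha' => 'require|captcha',` as the default and give the API login its own validation scene, backed by a per-account or per-IP attempt limit. The rest of the class, including `$message`, continues outside this hunk.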