diff --git a/app/Plugins/Comment/resources/views/topic/create.blade.php b/app/Plugins/Comment/resources/views/topic/create.blade.php
index 5b8277337..58dc4e124 100644
--- a/app/Plugins/Comment/resources/views/topic/create.blade.php
+++ b/app/Plugins/Comment/resources/views/topic/create.blade.php
@@ -62,6 +62,7 @@
 const formData = new FormData();
 formData.append('file', blobInfo.blob(), blobInfo.filename());
 formData.append('_token', csrf_token);
+ formData.append('_session', _token);
 axios.post("/user/upload/image",formData,{
 'Content-type' : 'multipart/form-data'
 }).then(function(r){
diff --git a/app/Plugins/Comment/resources/views/topic/edit.blade.php b/app/Plugins/Comment/resources/views/topic/edit.blade.php
index b4645ec8d..fc8a3bf2f 100644
--- a/app/Plugins/Comment/resources/views/topic/edit.blade.php
+++ b/app/Plugins/Comment/resources/views/topic/edit.blade.php
@@ -69,6 +69,7 @@
 const formData = new FormData();
 formData.append('file', blobInfo.blob(), blobInfo.filename());
 formData.append('_token', csrf_token);
+ formData.append('_session', _token);
 axios.post("/user/upload/image",formData,{
 'Content-type' : 'multipart/form-data'
 }).then(function(r){
diff --git a/app/Plugins/Topic/resources/views/create/basis.blade.php b/app/Plugins/Topic/resources/views/create/basis.blade.php
index e36924fe6..56662c271 100644
--- a/app/Plugins/Topic/resources/views/create/basis.blade.php
+++ b/app/Plugins/Topic/resources/views/create/basis.blade.php
@@ -71,6 +71,7 @@
 const formData = new FormData();
 formData.append('file', blobInfo.blob(), blobInfo.filename());
 formData.append('_token', csrf_token);
+ formData.append('_session', _token);
 axios.post("/user/upload/image",formData,{
 'Content-type' : 'multipart/form-data'
 }).then(function(r){
diff --git a/app/Plugins/Topic/resources/views/edit/basis.blade.php b/app/Plugins/Topic/resources/views/edit/basis.blade.php
index e067b39e3..65218cf4f 100644
--- a/app/Plugins/Topic/resources/views/edit/basis.blade.php
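Review bot: The `_session` value appended on the new line is never compared to anything server-side: in the AuthGuard hunk of this same commit, check() only tests whether the parameter is null to decide whether to drop the `user_ip` condition, and the query keeps using `session()->get('AUTH_TOKEN')`, so the mere presence of this field relaxes the session-to-IP binding for the upload request regardless of what `_token` holds. If the design is that only a client that rendered this page may skip the IP check, the server needs to verify the value, not its presence. `_token` is not defined in this hunk and looks like a template-level variable set elsewhere; confirm it is a per-session value distinct from the CSRF token already sent as `_token` on the line above, since the two names are easy to confuse here. The same line is added to topic/edit.blade.php, create/basis.blade.php and edit/basis.blade.php; the enclosing upload handler starts and ends outside each hunk.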
+++ b/app/Plugins/Topic/resources/views/edit/basis.blade.php
@@ -40,6 +40,7 @@
 const formData = new FormData();
 formData.append('file', blobInfo.blob(), blobInfo.filename());
 formData.append('_token', csrf_token);
+ formData.append('_session', _token);
 axios.post("/user/upload/image",formData,{
 'Content-type' : 'multipart/form-data'
 }).then(function(r){
diff --git a/app/Plugins/User/src/AuthGuard.php b/app/Plugins/User/src/AuthGuard.php
index 6f209033d..f23c38098 100644
--- a/app/Plugins/User/src/AuthGuard.php
+++ b/app/Plugins/User/src/AuthGuard.php
@@ -8,7 +8,6 @@
 * @contact laravel@88.com
 * @license https://github.com/zhuchunshu/super-forum/blob/master/LICENSE
 */
-
 namespace App\Plugins\User\src;
 use App\Plugins\User\src\Models\UsersAuth;
@@ -44,20 +43,27 @@ public function logout(): bool
 'user_id' => $this->user()->getId(),
 'token' => session()->get('AUTH_TOKEN'),
 ])->delete();
- return (bool)$this->session->remove($this->sessionKey()) && $this->session->remove('AUTH_TOKEN');
+ return (bool) $this->session->remove($this->sessionKey()) && $this->session->remove('AUTH_TOKEN');
 }
- public function check(): bool
+ public function check(string $token = null): bool
 {
 try {
- return $this->user() instanceof Authenticatable && call_user_func(function () {
+ return $this->user() instanceof Authenticatable && call_user_func(function () use ($token) {
+ if ($token === null) {
 return UsersAuth::query()->where([
 'user_id' => $this->user()->getId(),
 'user_ip' => get_client_ip(),
 'token' => session()->get('AUTH_TOKEN'),
 'user_agent' => get_user_agent(),
 ])->exists();
- }) === true;
+ }
+ return UsersAuth::query()->where([
+ 'user_id' => $this->user()->getId(),
+ 'token' => session()->get('AUTH_TOKEN'),
+ 'user_agent' => get_user_agent(),
+ ])->exists();
+ }) === true;
 } catch (AuthException $exception) {
 return false;
 }
diff --git a/app/Plugins/User/src/Middleware/LoginMiddleware.php b/app/Plugins/User/src/Middleware/LoginMiddleware.php
index 8a1d24b8a..ec56b0a65 100755
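Review bot: `$token` is only used as a presence flag: the new `if ($token === null)` branch keeps the IP-bound query, but the alternative query still compares `session()->get('AUTH_TOKEN')` and never looks at `$token`, so any request carrying a `_session` field gets the weaker check without proving anything (LoginMiddleware passes `request()->input('_session', null)` straight through). Before relaxing the `user_ip` condition, require that the supplied value matches the session's token, e.g. `if ($token === null || ! hash_equals((string) session()->get('AUTH_TOKEN'), $token)) {`, so an unknown or missing value falls back to the stricter query instead of bypassing it. Declare the parameter as `?string $token = null` rather than `string $token = null`, since implicit nullability from a null default is deprecated in PHP 8.4. The new branch duplicates the query body; if it stays, a docblock on check() should state when and why the IP binding is skipped. check() closes outside the hunk.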
--- a/app/Plugins/User/src/Middleware/LoginMiddleware.php
+++ b/app/Plugins/User/src/Middleware/LoginMiddleware.php
@@ -34,7 +34,8 @@ public function __construct(ContainerInterface $container)
 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
 {
- if (! auth()->check()) {
+ $token = request()->input('_session', null);
+ if (! auth()->check($token)) {
 throw new UnauthorizedException('Without authorization');
 }