
diff --git a/safesite/urls.py b/safesite/urls.py
index 8c8fce47..209b3d45 100644
--- a/safesite/urls.py
+++ b/safesite/urls.py
@@ -5,8 +5,10 @@ from django.conf import settings
from django.conf.urls.static import static
urlpatterns = [
- path('', views.login,name='login'),
- path('loginout',views.loginout,name='loginout'),
+ path('', views.index,name='index'),
+ path('login',views.login,name='login'),
+ path('index', views.index,name='index'),
+ path('logout',views.logout,name='logout'),
path('changepwd',views.changepwd),
path('reporthtml',views.reporthtml),
path('troublehtml',views.troublehtml),
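Review bot: The routes `''` and `'index'` are both registered with `name='index'`, so `redirect('index')` and `{% url 'index' %}` resolve to whichever pattern Django's reverse lookup picks, not to a URL chosen on purpose. Keep the name on one route only, for example `path('', views.index, name='index')` with the second written as `path('index', views.index)`, or give the second a distinct name. The `logout` route is also reachable with a plain GET; since the view flushes the session, restricting it to POST (`@require_POST` from `django.views.decorators.http`) would stop a cross-site link or image tag from logging users out.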
diff --git a/safesite/views.py b/safesite/views.py
index b586a55c..9be50f12 100644
--- a/safesite/views.py
+++ b/safesite/views.py
@@ -239,28 +239,26 @@ def check_login(func):
else:
try:
auth = request.META.get('HTTP_AUTHORIZATION').split()
+ # 用户通过 API 获取数据验证流程
+ if auth[0].lower() == 'token':
+ try:
+ dict = jwt.decode(auth[1], 'safeyun', algorithms=['HS256'])
+ userid = dict.get('data').get('userid')
+ except jwt.ExpiredSignatureError:
+ return JsonResponse({"status_code": 401, "message": "Token expired"})
+ except jwt.InvalidTokenError:
+ return JsonResponse({"status_code": 401, "message": "Invalid token"})
+ except Exception as e:
+ return JsonResponse({"status_code": 401, "message": "Can not get user object"})
+ try:
+ user = User.objects.get(userid=userid)
+ except user.DoesNotExist:
+ return JsonResponse({"status_code": 401, "message": "User Does not exist"})
+ else:
+ return JsonResponse({"status_code": 401, "message": "Not support auth type"})
except AttributeError:
- return JsonResponse({"code": 401, "message": "No authenticate header"})
-
- # 用户通过 API 获取数据验证流程
- if auth[0].lower() == 'token':
- try:
- dict = jwt.decode(auth[1], 'safeyun', algorithms=['HS256'])
- userid = dict.get('data').get('userid')
- except jwt.ExpiredSignatureError:
- return JsonResponse({"status_code": 401, "message": "Token expired"})
- except jwt.InvalidTokenError:
- return JsonResponse({"status_code": 401, "message": "Invalid token"})
- except Exception as e:
- return JsonResponse({"status_code": 401, "message": "Can not get user object"})
- try:
- user = User.objects.get(userid=userid)
- except user.DoesNotExist:
- return JsonResponse({"status_code": 401, "message": "User Does not exist"})
- else:
- return JsonResponse({"status_code": 401, "message": "Not support auth type"})
-
- #return redirect("login.html")
+ #return JsonResponse({"code": 401, "message": "No authenticate header"})
+ return redirect('login')
return warpper
#存储文件
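Review bot: The HS256 key passed to `jwt.decode` is the string literal `'safeyun'`, so anyone who can read this repository or its history can produce a token that this decorator accepts for any `userid`. Read the key from configuration instead, e.g. `jwt.decode(auth[1], settings.SECRET_KEY, algorithms=['HS256'])` (assuming `settings` is imported in this module), and rotate the key, since the current one is already committed. The handler `except user.DoesNotExist:` names the lowercase local, which is still unassigned when `User.objects.get` raises, so an unknown user probably ends in an unhandled error and not the intended 401; it should read `except User.DoesNotExist:`. Requests with no `Authorization` header now get `redirect('login')` where they used to get a JSON body, which API clients will receive as a 302 to an HTML page. The wrapper begins above this hunk and its indentation is not visible here, so confirm that the wrapped view is actually called after a token validates.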
@@ -283,22 +281,51 @@ def login(req):
user = User.objects.filter(username__exact = username, password__exact = password,deletemark=1)
if user:
#比较成功,跳转index
- userid = user[0].userid
- name = user[0].name
- openid=user[0].openid
- headimgurl=user[0].headimgurl
- nickname=user[0].nickname
- issuper = user[0].issuper
- req.session['userid'] = userid
- #req.session.set_expiry(3600)
- companyid = getcompany(userid)
- companyname = Partment.objects.get(partid=companyid).partname
- return render(req, 'index.html',{'username':name,'userid':userid,'openid':openid,'headimgurl':headimgurl,'nickname':nickname,'companyname':companyname,'issuper':issuper,'token':user[0].token})
+ req.session['userid'] = user[0].userid
+ req.session.set_expiry(60*30)
+ return redirect('index')
else:
return render(req,'login.html',{'msg':'用户名或密码错误!'})
else:
return render(req,'login.html')
+@check_login
+def index(req):
+ userid = req.session['userid']
+ user=User.objects.get(userid=userid)
+ companyname = user.usecomp.partname
+ name = user.name
+ openid=user.openid
+ headimgurl=user.headimgurl
+ nickname=user.nickname
+ issuper = user.issuper
+ return render(req, 'index.html',{'username':name,'userid':userid,'openid':openid,'headimgurl':headimgurl,'nickname':nickname,'companyname':companyname,'issuper':issuper,'token':user.token})
+
+def logout(req):
+ #清理cookie里保存username
+ #del req.session['username']
+ # if "userid" in req.session:
+ # del req.session['userid']
+ req.session.flush()
+ #req.session.flush()
+ #req.session.delete("session_key")
+ return render(req,'login.html')
+
+@check_login
+def changepwd(req):
+#if 'userid' in req.session:
+ userid = req.session['userid']
+ oldpassword = req.POST.get('oldpassword')
+ newpassword = req.POST.get('newpassword')
+ a = User.objects.get(userid=userid)
+ if a.password == oldpassword:
+ a.password = newpassword
+ a.save()
+ del req.session['userid']
+ return JsonResponse({"code":1})
+ else:
+ return JsonResponse({"code":2})
+
@check_login
def mainhtml(req):
#计算一些数据
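Review bot: Passwords are matched as raw strings, with `password__exact = password` in `login` and `a.password == oldpassword` in `changepwd`, which implies the `User.password` column holds plaintext. Store and verify hashes with `django.contrib.auth.hashers`: `if check_password(oldpassword, a.password):` and `a.password = make_password(newpassword)`, plus a one-off migration of existing rows. `changepwd` also saves `newpassword` without checking that it is present, so a request missing that field would store `None`; reject empty values before `a.save()`. In `login`, call `req.session.cycle_key()` before `req.session['userid'] = user[0].userid` so that a session id issued before authentication is not carried into the authenticated session. `login` starts above this hunk and `mainhtml` continues below it.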
@@ -494,40 +521,6 @@ def apirights(req):
allrights = Group.objects.get(usecomp__partid=companyid,grouptype=0).menulink.split(',')
return JsonResponse({'code':1,'rights':allrights})
-def loginout(req):
- #清理cookie里保存username
- #del req.session['username']
- # if "userid" in req.session:
- # del req.session['userid']
- req.session.flush()
- #req.session.flush()
- #req.session.delete("session_key")
- return render(req,'login.html')
-
-def index(req):
- try:
- userid = req.session['userid']
- except:
- return render(req,'login.html')
- user=User.objects.get(userid=userid)
- return render(req, 'index.html',{'username':user.name,'userid':user.userid,'openid':user.openid,'headimgurl':user.headimgurl,'nickname':nickname})
-
-@check_login
-def changepwd(req):
-#if 'userid' in req.session:
- userid = req.session['userid']
- oldpassword = req.POST.get('oldpassword')
- newpassword = req.POST.get('newpassword')
- a = User.objects.get(userid=userid)
- if a.password == oldpassword:
- a.password = newpassword
- a.save()
- del req.session['userid']
- return JsonResponse({"code":1})
- else:
- return JsonResponse({"code":2})
-
-
def addyh(req):
userid=req.session['userid']
user=User.objects.get(userid=userid)
@@ -2582,7 +2575,7 @@ def gchandle(req):
elif a == 'listsearch':
startnum,endnum=fenye(req)
a = Observe.objects.filter(usecomp=Partment.objects.get(partid=companyid),deletemark=1)
- print(req.GET.get('qssj'))
+ #print(req.GET.get('qssj'))
if req.GET.get('gcr'):
a = a.filter(looker__userid=req.GET.get('gcr'))
if req.GET.get('gcbm'):
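Review bot: The debug output is commented out as `#print(req.GET.get('qssj'))` and not removed, and the same is done with `#print(data)` in the `apioperation` and `apiexamtest` hunks, while the `apiriskcheck2` hunk deletes its `print('xx')` outright. Delete these lines for consistency; commented-out prints of request data are easy to re-enable by accident and would write request bodies to stdout. If the values are still useful for diagnosis, use a module-level logger at debug level and log only the fields that are needed, not the whole payload.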
@@ -4119,7 +4112,7 @@ def apioperation(req):
return JsonResponse({"code":1})
elif a == 'gbzy':#关闭作业
data = json.loads(req.body.decode('utf-8'))
- print(data)
+ #print(data)
zyid = data['zyid']
zyimg2 = data['zyimg2']
obj = Operation.objects.get(zyid=zyid)
@@ -4526,7 +4519,7 @@ def apiexamtest(req):
return JsonResponse({"code":1})
elif a == 'add2':
data = json.loads(req.body.decode('utf-8'))
- print(data)
+ #print(data)
obj = ExamTest()
obj.num='KS'+time.strftime('%Y%m%d%H%M%S')
obj.name = data['name']
@@ -5466,7 +5459,6 @@ def apiriskcheck2(req):
user = User.objects.get(userid=userid)
objs = RiskActTask.objects.filter(riskact__id=data['riskact'],usable=1,user=None,istask=1)#匹配未处理的任务
if objs.exists():
- print('xx')
obj=objs[0]
obj.user=user
obj.taskdo=nowtime