diff --git a/gateway/main.go b/gateway/main.go
index 178942a..e9cb80a 100644
--- a/gateway/main.go
+++ b/gateway/main.go
@@ -30,6 +30,12 @@ func main() {
 // 配置 Session 中间件
 store := cookie.NewStore([]byte("secret"))
+ store.Options(sessions.Options{
+ MaxAge: 86400 * 7,
+ HttpOnly: true,
+ Secure: false, // 如果是HTTPS需要设为true
+ SameSite: http.SameSiteLaxMode, // 允许跨站携带cookie
+ })
 r.Use(sessions.Sessions("mysession", store))
 // 登录页面
@@ -42,15 +48,18 @@ func main() {
 username := c.PostForm("username")
 password := c.PostForm("password")
- // 简单的用户名密码校验
- if username == "admin" && password == "password" {
+ if username == "admin" && password == "123" {
 session := sessions.Default(c)
 session.Set("user", username)
- session.Save()
- c.Redirect(http.StatusFound, "/")
- } else {
- c.HTML(http.StatusUnauthorized, "login.html", gin.H{"error": "Invalid credentials"})
+ if err := session.Save(); err != nil {
+ logger.Errorf("Session保存失败: %v", err)
+ c.HTML(http.StatusInternalServerError, "login.html", gin.H{"error": "登录状态保存失败"})
+ return
+ }
+ c.Redirect(http.StatusSeeOther, "/") // 改用303状态码
+ return
 }
+ c.HTML(http.StatusUnauthorized, "login.html", gin.H{"error": "用户名或密码错误"})
 })
 // 权限校验中间件
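Review bot: `Secure: false` is hard-coded in the new `store.Options` call, so the 7-day session cookie will also travel over plain HTTP once the gateway sits behind HTTPS; the value should come from deployment configuration and default to `Secure: true,`. The comment on `SameSite` says Lax allows cross-site cookies, but Lax withholds the cookie on cross-site subrequests and sends it only on top-level navigations, so I would reword it to `// Lax: sent only on top-level cross-site navigations`. The context line above still signs the cookie with the literal key `[]byte("secret")`, which this change leaves in place while lengthening the session lifetime; the key should be loaded from the environment or a secret store, otherwise the cookie signature gives no integrity guarantee. main's body starts and ends outside the hunk.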
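Review bot: The new condition `password == "123"` swaps one hard-coded admin credential for a shorter one, so the password stays in source control and is trivially guessable. The check should compare the submitted password against a hash loaded from configuration at startup, for example `bcrypt.CompareHashAndPassword(adminHash, []byte(password)) == nil`, where `adminHash` is a name I am proposing, not one visible here. Nothing in this hunk limits repeated login attempts; if no throttling exists elsewhere in the handler chain, it belongs with this change. The login handler begins before the hunk, so how `logger` is initialised is not visible from here.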