diff --git a/server/WebApi.cpp b/server/WebApi.cpp
index aabc57e3..f68f6128 100755
--- a/server/WebApi.cpp
+++ b/server/WebApi.cpp
@@ -2428,12 +2428,7 @@ void installWebApi() {
 
     api_regist("/index/api/login", [](API_ARGS_MAP) {
         auto logined_cookie = HttpCookieManager::Instance().getCookie(kLoginedCookieName, allArgs.getParser().getHeader());
-        if (logined_cookie) {
-            // 已经登录成功
-            val["code"] = API::Success;
-            val["msg"] = "You are already logined";
-            return;
-        }
+
         CHECK_ARGS("digest");
         GET_CONFIG(std::string, api_secret, API::kSecret);
 
@@ -2446,11 +2441,19 @@ void installWebApi() {
                 headerOut["Set-Cookie"] = unlogin_cookie->getCookie(kLoginCookiePath);
             }
             val["cookie"] = unlogin_cookie->getCookie();
+            if (logined_cookie) {
+                // secret校验失败，注销登录
+                logined_cookie->setExpired();
+                HttpCookieManager::Instance().delCookie(logined_cookie);
+                headerOut.emplace_force("Set-Cookie", logined_cookie->getCookie(kLoginCookiePath));
+            }
             throw AuthException("Digest does not match, incorrect secret?", headerOut, val);
         }
-        // 登录成功, cookie保持24小时
-        logined_cookie = HttpCookieManager::Instance().addCookie(kLoginedCookieName, "", kLoginedCookieLifeSeconds);
-        headerOut["Set-Cookie"] = logined_cookie->getCookie(kLoginCookiePath);
+        if (!logined_cookie) {
+            // 未登陆状态，设置登录成功, cookie保持24小时
+            logined_cookie = HttpCookieManager::Instance().addCookie(kLoginedCookieName, "", kLoginedCookieLifeSeconds);
+            headerOut["Set-Cookie"] = logined_cookie->getCookie(kLoginCookiePath);
+        }
 
         // 删除未登录状态的cookie
         unlogin_cookie->setExpired();