diff --git a/src/main/java/com/codermy/myspringsecurityplus/security/filter/JwtAuthenticationTokenFilter.java b/src/main/java/com/codermy/myspringsecurityplus/security/filter/JwtAuthenticationTokenFilter.java
index 3851f7463d4ac7f2c8ddd0062478a289bd51df43..2c69e183097dd00e053e62cc8cd17aa0c8a70d2c 100644
--- a/src/main/java/com/codermy/myspringsecurityplus/security/filter/JwtAuthenticationTokenFilter.java
+++ b/src/main/java/com/codermy/myspringsecurityplus/security/filter/JwtAuthenticationTokenFilter.java
@@ -14,6 +14,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -39,15 +40,13 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
- //拿到requset中的head
- String authHeader = request.getHeader(this.tokenHeader);
- if (authHeader != null && authHeader.startsWith(this.tokenHead)) {
- // The part after "Bearer "
- String authToken = authHeader.substring(this.tokenHead.length());
+ Cookie[] cookies = request.getCookies();
+ String token = getCookieByName(cookies);
+ if (token != null) {
 //解析token获取用户名
- String username = jwtUtils.getUserNameFromToken(authToken);
+ String username = jwtUtils.getUserNameFromToken(token);
 log.info("checking username:{}", username);
- if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+ if (username != null) {
 UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
 if (userDetails != null) {
 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
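Review bot: Dropping `SecurityContextHolder.getContext().getAuthentication() == null` from the inner condition makes the filter reload the user and overwrite whatever authentication is already in the security context on every request that carries the cookie, instead of only populating an empty context as before. Besides the extra `loadUserByUsername` call per request, this silently replaces an authentication established earlier in the chain. Restore the guard: `if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {`. Moving the credential from an `Authorization` header to a cookie also means the browser attaches it to cross-site requests automatically, so CSRF protection must be active for this filter chain (not visible in this diff). `doFilterInternal`'s body continues past the end of the hunk, and `tokenHead` no longer seems to be referenced in this method.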
@@ -59,5 +58,18 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
 }
 chain.doFilter(request, response);
 }
+
+ public String getCookieByName(Cookie[] cookies) {
+ String token = null;
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(this.tokenHeader)) {
+ token = cookie.getValue();
+ break;
+ }
+ }
+ }
+ return token;
 }
+}
diff --git a/src/main/java/com/codermy/myspringsecurityplus/security/handler/MyAuthenticationSuccessHandler.java b/src/main/java/com/codermy/myspringsecurityplus/security/handler/MyAuthenticationSuccessHandler.java
index b7cb2a6bf7849ecaa85ad0a13be87eeafd8690dd..0fa02d9bdb9b892c7eb27d13d1b1d6e807fd35a0 100644
--- a/src/main/java/com/codermy/myspringsecurityplus/security/handler/MyAuthenticationSuccessHandler.java
+++ b/src/main/java/com/codermy/myspringsecurityplus/security/handler/MyAuthenticationSuccessHandler.java
@@ -1,6 +1,7 @@
 package com.codermy.myspringsecurityplus.security.handler;
 import com.alibaba.fastjson.JSON;
+import com.codermy.myspringsecurityplus.security.dto.JwtUserDto;
 import com.codermy.myspringsecurityplus.security.utils.JwtUtils;
 import com.codermy.myspringsecurityplus.common.utils.Result;
 import lombok.extern.slf4j.Slf4j;
@@ -11,6 +12,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 import org.springframework.stereotype.Component;
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
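Review bot: The name `getCookieByName` promises a name parameter, but the new method takes only the cookie array, hard-codes `this.tokenHeader` as the lookup key, and returns the cookie's value rather than the cookie itself. It is also declared `public` although only this filter needs it, and it carries no Javadoc. Consider `private String getTokenFromCookies(Cookie[] cookies)` with a one-line Javadoc such as `/** Returns the value of the cookie named by {@code tokenHeader}, or {@code null} when no cookies or no such cookie are present. */`, or keep the current name and add a `String name` parameter so the method does what it says.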
@@ -30,11 +32,20 @@ public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHand
 private String tokenHeader;
 @Value("${jwt.tokenHead}")
 private String tokenHead;
+ @Value("${jwt.expiration}")
+ private String expiration;
 @Override
 public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
+ //拿到登录用户信息
+ JwtUserDto userDetails = (JwtUserDto) authentication.getPrincipal();
+ //生成token
+ String jwtToken = jwtUtils.generateToken(userDetails.getUsername());
+// token存入cookie
+ Cookie tokenCookie = new Cookie(this.tokenHeader, jwtToken);
+ tokenCookie.setPath("/");
+ tokenCookie.setMaxAge(Integer.parseInt(this.expiration)); //设置cookie与token的有效时间一致
+ httpServletResponse.addCookie(tokenCookie);
- // JwtUserDto userDetails = (JwtUserDto)authentication.getPrincipal();//拿到登录用户信息
- // String jwtToken = jwtUtils.generateToken(userDetails.getUsername());//生成token
 HttpSession session = httpServletRequest.getSession();
 //删除缓存里的验证码信息
 session.removeAttribute("captcha");
@@ -44,6 +55,5 @@ public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHand
 httpServletResponse.setContentType("application/json");
 //输出结果
 httpServletResponse.getWriter().write(JSON.toJSONString(result));
-
 }
 }
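Review bot: The new `tokenCookie` now carries the JWT that `JwtAuthenticationTokenFilter` accepts as the user's credential, yet it is created with neither `setHttpOnly(true)` nor `setSecure(true)`, so page scripts can read it and it is also sent over plain HTTP. Add `tokenCookie.setHttpOnly(true);` and `tokenCookie.setSecure(true);` before the `addCookie` call. `Integer.parseInt(this.expiration)` runs on every login; declaring the field as `@Value("${jwt.expiration}") private int expiration;` lets Spring convert it once at startup and fail fast on a bad value, and note that `setMaxAge` takes seconds, so if `jwt.expiration` is expressed in milliseconds where the token is generated (not visible here) the cookie would outlive the token. `onAuthenticationSuccess` continues past the end of the hunk.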