diff --git a/src/main/java/com/yeqifu/sys/controller/LoginController.java b/src/main/java/com/yeqifu/sys/controller/LoginController.java
index b2e6ac9..5e4d46e 100644
--- a/src/main/java/com/yeqifu/sys/controller/LoginController.java
+++ b/src/main/java/com/yeqifu/sys/controller/LoginController.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.util.Date;
+import java.util.Objects;
 
 /**
 * 登陆前端控制器
@@ -36,43 +37,46 @@ public class LoginController {
 private ILoginfoService loginfoService;
 
 @RequestMapping("login")
- public ResultObj login(UserVo userVo,String code,HttpSession session){
+ public ResultObj login(UserVo userVo, String code, HttpSession session) {
 
- //获得存储在session中的验证码
+ // 从 session 中获取验证码
 String sessionCode = (String) session.getAttribute("code");
- if (code!=null&&sessionCode.equals(code)){
- Subject subject = SecurityUtils.getSubject();
- AuthenticationToken token = new UsernamePasswordToken(userVo.getLoginname(),userVo.getPwd());
- try {
- //对用户进行认证登陆
- subject.login(token);
- //通过subject获取以认证活动的user
- ActiverUser activerUser = (ActiverUser) subject.getPrincipal();
- //将user存储到session中
- WebUtils.getSession().setAttribute("user",activerUser.getUser());
- //记录登陆日志
- Loginfo entity = new Loginfo();
- entity.setLoginname(activerUser.getUser().getName()+"-"+activerUser.getUser().getLoginname());
- entity.setLoginip(WebUtils.getRequest().getRemoteAddr());
- entity.setLogintime(new Date());
- loginfoService.save(entity);
-
- return ResultObj.LOGIN_SUCCESS;
- } catch (AuthenticationException e) {
- e.printStackTrace();
- return ResultObj.LOGIN_ERROR_PASS;
- }
- }else {
- return ResultObj.LOGIN_ERROR_CODE;
+ if (!Objects.equals(sessionCode, code)) {
+ return ResultObj.LOGIN_ERROR_CODE; // 验证码错误
 }
+ // 验证码使用后清除
+ session.removeAttribute("code");
+
+ Subject subject = SecurityUtils.getSubject();
+ AuthenticationToken token = new UsernamePasswordToken(userVo.getLoginname(), userVo.getPwd());
+ try {
+ // 用户认证
+ subject.login(token);
+ ActiverUser activerUser = (ActiverUser) subject.getPrincipal();
+
+ // 存储用户信息到 session
+ WebUtils.getSession().setAttribute("user", activerUser.getUser());
+
+ // 记录登录日志
+ Loginfo entity = new Loginfo();
+ entity.setLoginname(activerUser.getUser().getName() + "-" + activerUser.getUser().getLoginname());
+ entity.setLoginip(WebUtils.getRequest().getRemoteAddr());
+ entity.setLogintime(new Date());
+ loginfoService.save(entity);
+
+ return ResultObj.LOGIN_SUCCESS;
+ } catch (AuthenticationException e) { // 其他认证错误
+ e.printStackTrace();
+ return ResultObj.LOGIN_ERROR_PASS;
+ }
 }
+
 /**
 * 得到登陆验证码
 * @param response
 * @param session
- * @throws IOException
 */
 @RequestMapping("getCode")
 public void getCode(HttpServletResponse response, HttpSession session) throws IOException{
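Review bot: The new captcha check `if (!Objects.equals(sessionCode, code))` passes when both values are null, because `Objects.equals(null, null)` is true: a request that sends no `code` parameter on a session where `getCode` was never called skips the captcha and reaches `subject.login(token)`. The removed condition rejected a null `code`; the replacement cures the NullPointerException on a missing session value but drops that guard. I would require a stored value, `if (sessionCode == null || !sessionCode.equals(code)) {`, and move `session.removeAttribute("code");` to directly after the `getAttribute` call so that a failed attempt also consumes the captcha instead of leaving it in the session for further guesses. Whether the session id is rotated at login is not visible in this hunk; if Shiro is not configured to do it, that should happen before `setAttribute("user", ...)`.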