diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 2c4929019..b5975e452 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -234,7 +234,7 @@ class AccountController < ApplicationController
   end
 
   def password_authentication
-    user = User.try_to_login(params[:username], params[:password])
+    user, last_login_on = User.try_to_login(params[:username], params[:password])
  
     if user.nil?
       invalid_credentials
@@ -244,7 +244,7 @@ class AccountController < ApplicationController
       onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
     else
       # Valid user
-      successful_authentication(user)
+      successful_authentication(user, last_login_on)
     end
   end
 
@@ -291,7 +291,7 @@ class AccountController < ApplicationController
     end
   end
 
-  def successful_authentication(user)
+  def successful_authentication(user, last_login_on)
     logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
     # Valid user
     self.logged_user = user
@@ -304,13 +304,18 @@ class AccountController < ApplicationController
     code = /\d*/
     #根据home_url生产正则表达式
     eval("code = " + "/^" + home_url.gsub(/\//,"\\\/") + "\\\/*(welcome)?\\\/*(\\\/index\\\/*.*)?\$/")
-    if code=~params[:back_url]
+    if code=~params[:back_url] && last_login_on != ''
       redirect_to user_activities_path(user)
     else
+      if last_login_on == ''
+        redirect_to my_account_url
+      else
       #by young
       #redirect_back_or_default my_page_path
-      redirect_back_or_default User.current
+      #sredirect_back_or_default User.current
+      redirect_to my_account_url
       #redirect_to User.current
+      end
     end
   end
 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 67948a8e1..d1465574f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -124,7 +124,7 @@ class ApplicationController < ActionController::Base
       else
         # HTTP Basic, either username/password or API key/random
         authenticate_with_http_basic do |username, password|
-          user = User.try_to_login(username, password) || User.find_by_api_key(username)
+          user = User.try_to_login(username, password)[0] || User.find_by_api_key(username)
         end
       end
       # Switch user if requested by an admin user
diff --git a/app/models/user.rb b/app/models/user.rb
index ff627763a..a9d73bd31 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -359,8 +359,9 @@ class User < Principal
         end
       end
     end
+    last_login_on = user.last_login_on.nil? ? '' : user.last_login_on.to_s
     user.update_column(:last_login_on, Time.now) if user && !user.new_record?
-    user
+    [user, last_login_on]
   rescue => text
     raise text
   end