diff --git a/extend/controller/BasicApi.php b/extend/controller/BasicApi.php
index 20723a2dc..bee2b8830 100644
--- a/extend/controller/BasicApi.php
+++ b/extend/controller/BasicApi.php
@@ -39,11 +39,11 @@ class BasicApi
      */
     public function __construct()
     {
-        ToolsService::corsOptionsHandler();
-        $this->request = app('request');
         Session::init(config('session.'));
+        ToolsService::corsOptionsHandler();
         $sessionName = $this->request->header(session_name());
         empty($sessionName) || session_id($sessionName);
+        $this->request = app('request');
     }
 
     /**
diff --git a/extend/service/ToolsService.php b/extend/service/ToolsService.php
index 9c3234ea8..53280cbb1 100644
--- a/extend/service/ToolsService.php
+++ b/extend/service/ToolsService.php
@@ -33,7 +33,7 @@ class ToolsService
             header('Access-Control-Allow-Origin:*');
             header('Access-Control-Allow-Credentials:true');
             header('Access-Control-Allow-Methods:GET,POST,OPTIONS');
-            header('Access-Control-Allow-Headers:Accept,Referer,Host,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Cookie');
+            header('Access-Control-Allow-Headers:Accept,Referer,Host,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Cookie,' . session_name());
             header('Content-Type:text/plain charset=UTF-8');
             header('Access-Control-Max-Age:1728000');
             header('HTTP/1.0 204 No Content');