diff --git a/extend/controller/BasicApi.php b/extend/controller/BasicApi.php
index 75d90bde7..77087d1a5 100644
--- a/extend/controller/BasicApi.php
+++ b/extend/controller/BasicApi.php
@@ -15,9 +15,6 @@
 namespace controller;
 
 use service\ToolsService;
-use think\exception\HttpResponseException;
-use think\facade\Response;
-use think\facade\Session;
 
 /**
  * 基础接口类
@@ -39,13 +36,8 @@ class BasicApi
      */
     public function __construct()
     {
-        // Cors跨域Options请求处理
-        Session::init(config('session.'));
         ToolsService::corsOptionsHandler();
-        // Cors跨域会话切换及初始化
         $this->request = app('request');
-        $sessionName = $this->request->header(session_name());
-        empty($sessionName) || session_id($sessionName);
     }
 
     /**
@@ -55,8 +47,7 @@ class BasicApi
      */
     protected function success($msg, $data = [])
     {
-        $result = ['code' => 1, 'msg' => $msg, 'data' => $data, 'token' => session_name() . '=' . session_id()];
-        throw new HttpResponseException(Response::create($result, 'json', 200, ToolsService::corsRequestHander()));
+        ToolsService::success($msg, $data);
     }
 
     /**
@@ -66,8 +57,7 @@ class BasicApi
      */
     protected function error($msg, $data = [])
     {
-        $result = ['code' => 0, 'msg' => $msg, 'data' => $data, 'token' => session_name() . '=' . session_id()];
-        throw new HttpResponseException(Response::create($result, 'json', 200, ToolsService::corsRequestHander()));
+        ToolsService::success($msg, $data);
     }
 
 }
\ No newline at end of file
diff --git a/extend/service/ToolsService.php b/extend/service/ToolsService.php
index 53280cbb1..e022dc834 100644
--- a/extend/service/ToolsService.php
+++ b/extend/service/ToolsService.php
@@ -14,6 +14,10 @@
 
 namespace service;
 
+use think\exception\HttpResponseException;
+use think\facade\Response;
+use think\facade\Session;
+
 /**
  * 系统工具服务
  * Class ToolsService
@@ -29,11 +33,19 @@ class ToolsService
      */
     public static function corsOptionsHandler()
     {
+        Session::init(config('session.'));
+        $token = request()->header('token', '');
+        empty($token) && $token = request()->post('token', '');
+        empty($token) && $token = request()->get('token', '');
+        list($name, $value) = explode('=', decode($token) . '=');
+        if (!empty($value) && session_name() === $name) {
+            session_id($value);
+        }
         if (request()->isOptions()) {
             header('Access-Control-Allow-Origin:*');
             header('Access-Control-Allow-Credentials:true');
             header('Access-Control-Allow-Methods:GET,POST,OPTIONS');
-            header('Access-Control-Allow-Headers:Accept,Referer,Host,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Cookie,' . session_name());
+            header("Access-Control-Allow-Headers:Accept,Referer,Host,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Cookie,token");
             header('Content-Type:text/plain charset=UTF-8');
             header('Access-Control-Max-Age:1728000');
             header('HTTP/1.0 204 No Content');
@@ -56,6 +68,28 @@ class ToolsService
         ];
     }
 
+    /**
+     * 返回成功的操作
+     * @param string $msg 消息内容
+     * @param array $data 返回数据
+     */
+    public static function success($msg, $data = [])
+    {
+        $result = ['code' => 1, 'msg' => $msg, 'data' => $data, 'token' => encode(session_name() . '=' . session_id())];
+        throw new HttpResponseException(Response::create($result, 'json', 200, self::corsRequestHander()));
+    }
+
+    /**
+     * 返回失败的请求
+     * @param string $msg 消息内容
+     * @param array $data 返回数据
+     */
+    public static function error($msg, $data = [])
+    {
+        $result = ['code' => 0, 'msg' => $msg, 'data' => $data, 'token' => encode(session_name() . '=' . session_id())];
+        throw new HttpResponseException(Response::create($result, 'json', 200, self::corsRequestHander()));
+    }
+
     /**
      * Emoji原形转换为String
      * @param string $content