diff --git a/core/bean/sysBean/user.go b/core/bean/sysBean/user.go
index dfbf8da..9c24f68 100644
--- a/core/bean/sysBean/user.go
+++ b/core/bean/sysBean/user.go
@@ -1,5 +1,7 @@
 package sysBean
+import "GoClouds/core/utils"
+
 type LoginReq struct {
 Name string
 Pass string
@@ -10,8 +12,14 @@ type LoginRes struct {
 Uid int64
 Xid string
 Name string
+ Hash string
 Errs string
 }
+
+func (c *LoginRes) SetHash(s string) {
+ c.Hash = utils.CacLoginHash(s)
+}
+
 type RegReq struct {
 Name string
 Pass string
diff --git a/core/cloud/userCloud/user.go b/core/cloud/userCloud/user.go
index d505c3f..65a563f 100644
--- a/core/cloud/userCloud/user.go
+++ b/core/cloud/userCloud/user.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "github.com/gin-gonic/gin"
 gocloud "github.com/mgr9525/go-cloud"
+ ruisUtil "github.com/mgr9525/go-ruisutil"
 )
 func FindInfo(uid string) *models.SysUser {
@@ -16,6 +17,17 @@ func FindInfo(uid string) *models.SysUser {
 }
 return e
 }
+func CheckUsrInfo(xid, hash string) *models.SysUser {
+ if xid == "" {
+ return nil
+ }
+ e := &models.SysUser{}
+ err := DoJson("CheckInfo", &ruisUtil.Map{"xid": xid, "hash": hash}, e)
+ if err != nil {
+ return nil
+ }
+ return e
+}
 func CurrUser(c *gin.Context) *models.SysUser {
 tkm := gocloud.GetToken(c)
 if tkm == nil {
@@ -25,11 +37,15 @@ func CurrUser(c *gin.Context) *models.SysUser {
 if !ok {
 return nil
 }
+ hs, ok := tkm["hash"]
+ if !ok {
+ return nil
+ }
 xid := fmt.Sprintf("%v", t)
 if xid == "" {
 return nil
 }
- return FindInfo(xid)
+ return CheckUsrInfo(xid, fmt.Sprintf("%v", hs))
 }
 func GetUsrPerms(uid string) map[string]bool {
 e := make(map[string]bool)
diff --git a/core/utils/util.go b/core/utils/util.go
index 08fa454..edc8cd6 100644
--- a/core/utils/util.go
+++ b/core/utils/util.go
@@ -3,6 +3,7 @@ package utils
 import (
 "GoClouds/core/comms"
 "fmt"
+ ruisUtil "github.com/mgr9525/go-ruisutil"
 "math/rand"
 "strings"
 "time"
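Review bot: `SetHash` in core/bean/sysBean/user.go has no doc comment, and its parameter name `s` hides that every caller in webs/sys/routehb/user.go passes the stored password field (`usr.Pass` / `ne.Pass`). I would rename the parameter to `pass` and add `// SetHash derives the login hash from the user's stored password value; the result is sent to the client inside the session token.` The new `Hash` field is part of `LoginRes`, so it presumably also travels in the login response itself; that should be stated next to the field if it is intended.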
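Review bot: `CheckUsrInfo` discards the error from `DoJson`, so a failed RPC and a rejected hash both come back as `nil` and the caller cannot tell an outage from an invalid session. Logging `err` before `return nil` would make that distinguishable in operations. The guard at the top rejects only an empty `xid`, while the server-side `CheckInfo` also rejects an empty hash; `if xid == "" || hash == "" { return nil }` avoids a round trip that cannot succeed.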
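Review bot: In `CurrUser`, the `hash` claim is stringified with `fmt.Sprintf("%v", hs)`, so a non-string claim (a JSON null becomes `"<nil>"`, for example) is forwarded as if it were a hash. Assuming `tkm` is a map of interface values, a type assertion is stricter: `hs, ok := tkm["hash"].(string)` followed by `if !ok || hs == "" { return nil }`. Tokens issued before this commit carry no `hash` claim, so every existing session resolves to `nil` after deployment; if that forced re-login is intended it deserves a line in the commit message. The body of `CurrUser` starts outside this hunk.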
@@ -29,3 +30,11 @@ func HideUserName(name string) string {
 }
 return name
 }
+func CacLoginHash(s string) string {
+ hash := ruisUtil.Md5String(s)
+ ln := len(hash)
+ if ln > 10 {
+ hash = hash[ln-8:]
+ }
+ return hash
+}
diff --git a/service/utilService/login.go b/service/utilService/login.go
index aabda5f..e7653a4 100644
--- a/service/utilService/login.go
+++ b/service/utilService/login.go
@@ -1,6 +1,7 @@
 package utilService
 import (
+ "GoClouds/core/bean/sysBean"
 "fmt"
 "github.com/dgrijalva/jwt-go"
 "github.com/gin-gonic/gin"
@@ -8,7 +9,7 @@ import (
 "time"
 )
-func NewDomainToken(c *gin.Context, id int64, xid string, remeber bool) (string, error) {
+func NewDomainToken(c *gin.Context, lgi *sysBean.LoginRes, remeber bool) (string, error) {
 var dms string
 /*if comms.RegHost.MatchString(c.Request.Host) {
 strs := comms.RegHost.FindAllStringSubmatch(c.Request.Host, 1)[0]
@@ -16,8 +17,9 @@ func NewDomainToken(c *gin.Context, id int64, xid string, remeber bool) (string,
 }
 logrus.Info("NewDomainToken.dms=" + dms)*/
 return gocloud.SetToken(c, jwt.MapClaims{
- "id": fmt.Sprintf("%d", id),
- "xid": xid,
+ "id": fmt.Sprintf("%d", lgi.Uid),
+ "xid": lgi.Xid,
+ "hash": lgi.Hash,
 "times": time.Now(),
 }, remeber, dms)
 }
diff --git a/webs/sys/routehb/user.go b/webs/sys/routehb/user.go
index 5abb9a4..0e93a81 100644
--- a/webs/sys/routehb/user.go
+++ b/webs/sys/routehb/user.go
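Review bot: `CacLoginHash` derives the session fingerprint from an unkeyed MD5 of the stored password value and keeps only the last 8 characters, and service/utilService/login.go then puts that value into the JWT claims. If the token is a standard signed (not encrypted) JWT, every token holder can read a password-derived value and use it as an offline check against guesses of the stored `Pass` field. A keyed construction such as HMAC-SHA256 with a server-side secret, or a random per-user session version that is rotated on password change, gives the same invalidation without exposing password-derived material. The `ln > 10` guard also disagrees with the 8-character slice; `if ln > 8` or a comment explaining the threshold would remove the ambiguity.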
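Review bot: `NewDomainToken` now takes `lgi *sysBean.LoginRes` and the following hunk dereferences it (`lgi.Uid`, `lgi.Xid`, `lgi.Hash`) without a nil check, so a nil argument panics in the request path. A guard such as `if lgi == nil || lgi.Hash == "" { return "", fmt.Errorf("login result missing") }` would also stop a token with an empty hash from being minted, which `CheckInfo` rejects on every later request. The exported signature changed, and the callers are not part of this diff, so they need to be updated in the same change.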
@@ -41,6 +41,27 @@ func (UserRPC) Info(c *hbtp.Context, id string) {
 }
 c.ResJson(hbtp.ResStatusOk, e)
 }
+func (UserRPC) CheckInfo(c *hbtp.Context, m *ruisUtil.Map) {
+ xid := m.GetString("xid")
+ hash := m.GetString("hash")
+ if xid == "" || hash == "" {
+ c.ResString(hbtp.ResStatusErr, "param err")
+ return
+ }
+
+ e := &models.SysUser{}
+ key := fmt.Sprintf("uinfo:%s", xid)
+ if err := gocloud.CacheGets(key, e); err != nil {
+ e = userService.FindXid(xid)
+ gocloud.CacheSets(key, e, time.Hour*2)
+ }
+ if hash != utils.CacLoginHash(e.Pass) {
+ c.ResString(hbtp.ResStatusErr, "param err")
+ return
+ }
+
+ c.ResJson(hbtp.ResStatusOk, e)
+}
 func (UserRPC) Login(c *hbtp.Context, m *sysBean.LoginReq) {
 if m.Name == "" {
 c.ResString(hbtp.ResStatusErr, "param err:name!")
@@ -79,6 +100,7 @@ func (UserRPC) Login(c *hbtp.Context, m *sysBean.LoginReq) {
 ret.Uid = usr.Id
 ret.Xid = usr.Xid
 ret.Name = usr.Name
+ ret.SetHash(usr.Pass)
 c.ResJson(hbtp.ResStatusOk, ret)
 }
 func (UserRPC) Reg(c *hbtp.Context, m *sysBean.RegReq) {
@@ -128,6 +150,7 @@ func (UserRPC) Reg(c *hbtp.Context, m *sysBean.RegReq) {
 ret.Uid = ne.Id
 ret.Xid = ne.Xid
 ret.Name = ne.Name
+ ret.SetHash(ne.Pass)
 c.ResJson(hbtp.ResStatusOk, ret)
 }
 func (UserRPC) Forgot(c *hbtp.Context, m *sysBean.LoginReq) {
@@ -160,6 +183,7 @@ func (UserRPC) Forgot(c *hbtp.Context, m *sysBean.LoginReq) {
 ret.Uid = ne.Id
 ret.Xid = ne.Xid
 ret.Name = ne.Name
+ ret.SetHash(ne.Pass)
 c.ResJson(hbtp.ResStatusOk, ret)
 }
 func (UserRPC) Uppass(c *hbtp.Context, m *sysBean.UppassReq) {
@@ -198,10 +222,12 @@ func (UserRPC) Uppass(c *hbtp.Context, m *sysBean.UppassReq) {
 c.ResJson(hbtp.ResStatusOk, ret)
 return
 }
+ commCloud.ClearUserCache(ne.Xid)
 ret.Stat = 1
 ret.Uid = ne.Id
 ret.Xid = ne.Xid
 ret.Name = ne.Name
+ ret.SetHash(ne.Pass)
 c.ResJson(hbtp.ResStatusOk, ret)
 }
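Review bot: In `CheckInfo`, the result of `userService.FindXid(xid)` is cached and then dereferenced as `e.Pass` without a nil check, so if `FindXid` returns nil for an unknown xid the handler panics and the miss is also written to the cache for two hours. Adding `if e == nil { c.ResString(hbtp.ResStatusErr, "param err"); return }` directly after the lookup, before `gocloud.CacheSets`, covers both. The hash is compared with `!=`; `subtle.ConstantTimeCompare([]byte(hash), []byte(want)) != 1` is the usual form for comparing a secret-derived value. The handler also returns the full `models.SysUser` after reading `e.Pass` from it, so it is worth confirming that the password field is not serialised into the response.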
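Review bot: The `Forgot` hunk adds `ret.SetHash(ne.Pass)` but, unlike the `Uppass` hunk, shows no `commCloud.ClearUserCache(ne.Xid)`. If `Forgot` changes the password and the cache is not cleared elsewhere in its body (which lies outside the hunk), `CheckInfo` keeps comparing against the cached old `Pass` for up to two hours: the freshly issued token is rejected and tokens minted before the reset stay valid. Adding `commCloud.ClearUserCache(ne.Xid)` before `ret.SetHash(ne.Pass)` would match `Uppass`, assuming that helper clears the `uinfo:` key used by `CheckInfo`.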