diff --git a/IRaCIS.Core.API/Controllers/ExtraController.cs b/IRaCIS.Core.API/Controllers/ExtraController.cs
index dc5fcea7..921317a8 100644
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@@ -163,10 +163,10 @@ namespace IRaCIS.Api.Controllers
 // 创建一个 CookieOptions 对象,用于设置 Cookie 的属性
 var option = new CookieOptions {
- Expires = DateTime.Now.AddMonths(1), // 设置过期时间为 30 分钟之后
- HttpOnly = false, // 确保 cookie 只能通过 HTTP 访问
+ Expires = DateTime.Now.AddMonths(1),
+ HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
 SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
- Secure = false // 确保 cookie 只能通过 HTTPS 访问
+ Secure = true // 确保 cookie 只能通过 HTTPS 访问
 };
 HttpContext.Response.Cookies.Append("access_token", returnModel.Data.JWTStr, option);
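Review bot: `SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None` is left unchanged in the `CookieOptions` initializer, so the `access_token` cookie carrying the JWT is still attached to cross-site requests; `HttpOnly` and `Secure` do not cover that. If any endpoint authenticates from this cookie (not visible in this hunk), state-changing requests need anti-forgery validation, or, where cross-site delivery is not required, the line can become `SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax,`. The one-month lifetime set by `DateTime.Now.AddMonths(1)` should also be checked against the JWT's own expiry, and the comment on `HttpOnly` would be more accurate as `// not readable from client-side script`. The enclosing method starts and ends outside the hunk.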