diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php
index 3547f095..9feb0fa9 100644
--- a/webapp/controller/BaseAuthedController.class.php
+++ b/webapp/controller/BaseAuthedController.class.php
@@ -32,7 +32,7 @@ class BaseAuthedController extends BaseController {
             phpcommon\sendError(500, 'invalid session_id');
             die();
         }
-        if (!(getReqVal('c', '') == 'User' && getReqVal('c', '') == 'login')) {
+        if (!(getReqVal('c', '') == 'User' && getReqVal('a', '') == 'login')) {
             $r = $this->_getRedis($this->_getAccountId());
             $sessionId = $r->get(LAST_SESSION_KEY . $this->_getAccountId());
             if (empty($sessionId)) {
@@ -43,6 +43,7 @@ class BaseAuthedController extends BaseController {
                     $_REQUEST
                 ));
                 phpcommon\sendError(1001, 'session expiration');
+                die();
             }
         }
     }