diff --git a/base/web/serve.go b/base/web/serve.go
index 5690a077..d59c4d79 100644
--- a/base/web/serve.go
+++ b/base/web/serve.go
@@ -275,7 +275,15 @@ func init() {
 				cli.NodeInfo(m, WORKER, ice.Info.PathName)
 				AddRewrite(func(w http.ResponseWriter, r *http.Request) bool {
 					if r.Method == SPIDE_GET && r.URL.Path == ice.PS {
+
 						msg := m.Spawn(SERVE, w, r)
+						if share := r.URL.Query().Get("share"); share != "" {
+							switch msg := msg.Cmd(SHARE, share); msg.Append(mdb.TYPE) {
+							case "login":
+								RenderCookie(msg, aaa.SessCreate(msg, msg.Append(aaa.USERNAME)))
+							}
+						}
+
 						repos := kit.Select(ice.INTSHELL, ice.VOLCANOS, strings.Contains(r.Header.Get("User-Agent"), "Mozilla/5.0"))
 						Render(msg, ice.RENDER_DOWNLOAD, path.Join(msg.Config(kit.Keys(repos, nfs.PATH)), msg.Config(kit.Keys(repos, INDEX))))
 						return true // 网站主页
diff --git a/core/chat/header.go b/core/chat/header.go
index d79bcfe1..97e53d2b 100644
--- a/core/chat/header.go
+++ b/core/chat/header.go
@@ -20,10 +20,12 @@ func _header_agent(m *ice.Message, arg ...string) {
 	}
 }
 func _header_check(m *ice.Message, arg ...string) {
-	if m.Option(ice.MSG_USERNAME) == "" {
-		m.Option(web.LOGIN, m.Config(web.LOGIN))
-		m.Option(web.SSO, m.Conf(web.SERVE, kit.Keym(web.SSO)))
+	if m.Option(ice.MSG_USERNAME) != "" {
+		return
 	}
+
+	m.Option(web.LOGIN, m.Config(web.LOGIN))
+	m.Option(web.SSO, m.Conf(web.SERVE, kit.Keym(web.SSO)))
 	if m.Option("login.dev", m.Cmd(web.SPACE, ice.DEV).Append(mdb.TEXT)) == "" {
 		m.Option("login.dev", m.Cmd(web.SPACE, ice.SHY).Append(mdb.TEXT))
 	}
diff --git a/core/chat/website.go b/core/chat/website.go
index 171053e9..2427a4c9 100644
--- a/core/chat/website.go
+++ b/core/chat/website.go
@@ -36,9 +36,7 @@ func _website_parse(m *ice.Message, text string, args ...string) (map[string]int
 	), kit.Dict(), kit.Dict()
 	prefix := ""
 
-	m.Debug("what %v", prefix)
 	m.Cmd(lex.SPLIT, "", mdb.KEY, mdb.NAME, func(deep int, ls []string, meta map[string]interface{}) []string {
-		m.Debug("what %v", ls)
 		data := kit.Dict()
 		switch display := ice.DisplayRequire(1, ls[0])[ctx.DISPLAY]; kit.Ext(ls[0]) {
 		case nfs.JS:
@@ -259,6 +257,7 @@ func init() {
 
 var _website_template = `<!DOCTYPE html>
 <head>
+	<meta name="viewport" content="width=device-width,initial-scale=0.8,maximum-scale=0.8,user-scalable=0">
 	<meta charset="utf-8">
 	<title>volcanos</title>
 	<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
@@ -274,6 +273,7 @@ var _website_template = `<!DOCTYPE html>
 
 var _website_template2 = `<!DOCTYPE html>
 <head>
+	<meta name="viewport" content="width=device-width,initial-scale=0.8,maximum-scale=0.8,user-scalable=0">
 	<meta charset="utf-8">
 	<title>volcanos</title>
 	<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
diff --git a/misc/lark/sso.go b/misc/lark/sso.go
index 176e3fb4..90d363ee 100644
--- a/misc/lark/sso.go
+++ b/misc/lark/sso.go
@@ -21,33 +21,32 @@ func init() {
 
 			appid := m.Cmd(APP).Append(APPID)
 			home := m.MergeURL2("/chat/lark/sso")
-			if m.Option(cli.CODE) != "" { // 登录成功
-				msg := m.Cmd(web.SPIDE, LARK, "/open-apis/authen/v1/access_token", "grant_type", "authorization_code",
-					cli.CODE, m.Option(cli.CODE), "app_access_token", m.Cmdx(APP, TOKEN, appid))
-
-				// 更新用户
-				m.Option(aaa.USERNAME, msg.Append("data.open_id"))
-				msg = m.Cmd(EMPLOYEE, appid, m.Option(aaa.USERNAME))
-				userrole := kit.Select(aaa.VOID, aaa.TECH, msg.Append("is_tenant_manager") == ice.TRUE)
-				m.Cmd(aaa.USER, mdb.CREATE, userrole, m.Option(aaa.USERNAME))
-				m.Cmd(aaa.USER, mdb.MODIFY, aaa.USERROLE, userrole,
-					aaa.USERNICK, msg.Append(mdb.NAME), aaa.USERZONE, LARK,
-					aaa.AVATAR, msg.Append("avatar_url"), aaa.GENDER, kit.Select("女", "男", msg.Append(aaa.GENDER) == "1"),
-					msg.AppendSimple(aaa.MOBILE, aaa.EMAIL, aaa.CITY, aaa.COUNTRY),
-				)
-
-				// 创建会话
-				web.RenderCookie(m, aaa.SessCreate(m, m.Option(aaa.USERNAME)), web.CookieName(m.Option(cli.BACK)))
-				m.RenderRedirect(kit.Select(home, m.Option(cli.BACK)))
+			if m.Option(cli.CODE) == "" { // 登录页面
+				if back := m.R.Header.Get("Referer"); back != "" {
+					home = kit.MergeURL(home, cli.BACK, back)
+				}
+				m.RenderRedirect(kit.MergeURL2(m.Cmd(web.SPIDE, LARK).Append("client.url"), "/open-apis/authen/v1/index"),
+					"redirect_uri", home, APP_ID, m.Cmd(APP).Append(APPID))
 				return
 			}
 
-			if back := m.R.Header.Get("Referer"); back != "" {
-				home = kit.MergeURL(home, cli.BACK, back)
-			}
-			// 登录页面
-			m.RenderRedirect(kit.MergeURL2(m.Cmd(web.SPIDE, LARK).Append("client.url"), "/open-apis/authen/v1/index"),
-				"redirect_uri", home, APP_ID, m.Cmd(APP).Append(APPID))
+			msg := m.Cmd(web.SPIDE, LARK, "/open-apis/authen/v1/access_token", "grant_type", "authorization_code",
+				cli.CODE, m.Option(cli.CODE), "app_access_token", m.Cmdx(APP, TOKEN, appid))
+
+			// 更新用户
+			m.Option(aaa.USERNAME, msg.Append("data.open_id"))
+			msg = m.Cmd(EMPLOYEE, appid, m.Option(aaa.USERNAME))
+			userrole := kit.Select(aaa.VOID, aaa.TECH, msg.Append("is_tenant_manager") == ice.TRUE)
+			m.Cmd(aaa.USER, mdb.CREATE, userrole, m.Option(aaa.USERNAME))
+			m.Cmd(aaa.USER, mdb.MODIFY, aaa.USERROLE, userrole,
+				aaa.USERNICK, msg.Append(mdb.NAME), aaa.USERZONE, LARK,
+				aaa.AVATAR, msg.Append("avatar_url"), aaa.GENDER, kit.Select("女", "男", msg.Append(aaa.GENDER) == "1"),
+				msg.AppendSimple(aaa.MOBILE, aaa.EMAIL, aaa.CITY, aaa.COUNTRY),
+			)
+
+			// 创建会话
+			// web.RenderCookie(m, aaa.SessCreate(m, m.Option(aaa.USERNAME)), web.CookieName(m.Option(cli.BACK)))
+			m.RenderRedirect(kit.MergeURL(kit.Select(home, m.Option(cli.BACK)), "sessid", aaa.SessCreate(m, m.Option(aaa.USERNAME))))
 		}},
 	}})
 }
