diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
index dd8a476faf440f6ab18e77d916452b77ac8e54cb..7d2a02caf4ff1a6d2878ccfeb1b242694bf9e9cd 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
@@ -150,12 +150,11 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
 OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId);
-
+ //set ONLINE_TICKET cookie
 WebContext.setCookie(WebContext.getResponse(),
 this.applicationConfig.getBaseDomainName(),
 WebConstants.ONLINE_TICKET_NAME,
- onlineTickitId,
- 0);
+ onlineTickitId);
 SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
 //set OnlineTicket
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
index d204763936af8561a9543263591a78cb41d4245f..f28569a2327ce387b4a9f06cca40e0968081402b 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
@@ -368,7 +368,7 @@ public final class WebContext {
 e.printStackTrace();
 }
 // 单位:秒
- if(time > 0) {
+ if(time >= 0) {
 cookie.setMaxAge(time);
 }
 // 将Cookie添加到Response中,使之生效
@@ -376,6 +376,18 @@ public final class WebContext {
 return response;
 }
+ public static HttpServletResponse expiryCookie(
+ HttpServletResponse response, String domain ,String name, String value) {
+ WebContext.setCookie(response,domain,name, value,0);
+ return response;
+ }
+
+ public static HttpServletResponse setCookie(
+ HttpServletResponse response, String domain ,String name, String value) {
+ WebContext.setCookie(response,domain,name, value,-1);
+ return response;
+ }
+
 /**
 * get Current Date,eg 2012-07-10.
 *
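Review bot: The ONLINE_TICKET cookie written by `WebContext.setCookie(...)` in this hunk carries the ticket id for the whole base domain (`getBaseDomainName()`), and nothing visible here shows it being marked HttpOnly or Secure. The cookie object is built inside the five-argument `setCookie`, whose construction code is outside this diff, so this is something to confirm rather than a confirmed gap. If the flags are not set there, that helper should call `cookie.setHttpOnly(true);` and, for HTTPS deployments, `cookie.setSecure(true);` before `addCookie`. The enclosing method starts and ends outside the hunk.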
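Review bot: Changing the guard to `if(time >= 0)` redefines `time == 0` for every caller of the five-argument `setCookie`, not only the one updated in this commit: 0 used to leave Max-Age unset (a session cookie) and now tells the browser to discard the cookie immediately. Any other call site that still passes 0 and expects a session cookie will have its cookie deleted on arrival; those call sites are outside this diff and should be checked. The comment above the guard should state the contract, for example `// seconds; 0 deletes the cookie, a negative value keeps it for the browser session`. The method body begins and ends outside the hunk.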
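Review bot: The new public helpers `expiryCookie` and the four-argument `setCookie` have no Javadoc, and their behaviour rests on the magic values `0` and `-1`, which only make sense next to the guard in the five-argument overload. Each should get a short Javadoc saying that `setCookie` writes a session cookie (max age left unset) and that `expiryCookie` sends Max-Age 0 so the browser discards the cookie, which only works when the name and domain match the ones used when it was set. `expiryCookie` also accepts a `value` that the browser throws away; the Javadoc should say the argument is a placeholder so callers do not pass a live ticket id.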
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java
index 2b1b867b518f02b3716d56f44fbda326ea81063d..5b67fc8200012b8abd6f07133c6c69a56b8d519d 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java
@@ -19,6 +19,7 @@ package org.maxkey.web.endpoint;
 import java.util.Iterator;
 import java.util.Set;
+import java.util.UUID;
 import java.util.Map.Entry;
 import javax.servlet.http.HttpServletRequest;
@@ -125,6 +126,13 @@ public class LogoutEndpoint {
 }
 }
 onlineTicketServices.remove(onlineTicketId);
+
+ //remove ONLINE_TICKET cookie
+ WebContext.expiryCookie(WebContext.getResponse(),
+ this.applicationConfig.getBaseDomainName(),
+ WebConstants.ONLINE_TICKET_NAME,
+ UUID.randomUUID().toString());
+
 request.getSession().invalidate();
 SecurityContextHolder.clearContext();
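Review bot: The `UUID.randomUUID().toString()` passed as the cookie value to `expiryCookie` has no stated purpose, and a reader can mistake it for a freshly issued ticket id. The cookie goes out with Max-Age 0 and the server-side ticket is already removed by `onlineTicketServices.remove(onlineTicketId)` just above, so the value is a throwaway. A comment would make that explicit, for example `// value is a placeholder: the cookie is expired and must never carry a valid ticket id`. The enclosing method starts outside the hunk.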