diff --git a/src/modules/http/src/httpAuth.c b/src/modules/http/src/httpAuth.c
index 9d9ead73246837c78c3b534785a1ddc1cbc99055..4503accc0acdc74f1035b91bb2b85a344eb143fe 100644
--- a/src/modules/http/src/httpAuth.c
+++ b/src/modules/http/src/httpAuth.c
@@ -50,6 +50,7 @@ bool httpParseBasicAuthToken(HttpContext *pContext, char *token, int len) {
     return false;
   }
   strncpy(pContext->user, base64, (size_t)user_len);
+  pContext->user[user_len] = 0;
 
   char *password = user + 1;
   int   pass_len = (int)((base64 + outlen) - password);
@@ -60,6 +61,7 @@ bool httpParseBasicAuthToken(HttpContext *pContext, char *token, int len) {
     return false;
   }
   strncpy(pContext->pass, password, (size_t)pass_len);
+  pContext->pass[pass_len] = 0;
 
   free(base64);
   httpTrace("context:%p, fd:%d, ip:%s, basic token parsed success, user:%s", pContext, pContext->fd, pContext->ipstr,
diff --git a/src/modules/http/src/httpSession.c b/src/modules/http/src/httpSession.c
index 5a5a32260fd6fd257d569f2ffc8eae3832b99ada..61f49da7c8e0d9221b404518905aa385b80cb64d 100644
--- a/src/modules/http/src/httpSession.c
+++ b/src/modules/http/src/httpSession.c
@@ -114,6 +114,7 @@ void httpRestoreSession(HttpContext *pContext) {
     return;
   }
   session->access--;
+  pContext->session = NULL;
   httpTrace("context:%p, ip:%s, user:%s, restore session:%p:%p, access:%d, expire:%d",
             pContext, pContext->ipstr, pContext->user, session, session->taos,
             session->access, pContext->session->expire);