diff --git a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java index 30af2e519290ed96d4ac61c8ef00a23955adcfc3..024bcc222c35b29fffe798e751d77a5b1225732a 100644 --- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java +++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java @@ -17,6 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.httpBasic(); http.csrf().disable(); + http.headers().frameOptions().sameOrigin(); } @Autowired diff --git a/apollo-portal/pom.xml b/apollo-portal/pom.xml index 500e8c3db12e6f4fcd4aaf803c77a0661a8e202e..d629868fac654b4ce228400b95f147559431b813 100644 --- a/apollo-portal/pom.xml +++ b/apollo-portal/pom.xml @@ -66,8 +66,8 @@ - org.jasig.cas.client - cas-client-core-infosec-credis + com.ctrip.framework.apollo-sso + apollo-sso-ctrip diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java index 0c7dd188ee1c9ebee74f69a5fd36ae87801c4c88..9e69a67bf5c7efc505b55c68c4028b50b7665a10 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java @@ -9,6 +9,7 @@ import java.io.IOException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; public class CtripLogoutHandler implements LogoutHandler{ 
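Review bot: The new `http.headers().frameOptions().sameOrigin();` relaxes the X-Frame-Options header from Spring Security's default DENY to SAMEORIGIN, and since it lands in apollo-common's WebSecurityConfig it presumably applies to every service built on that module, not only the portal; the hunk gives no reason for the relaxation. The likely motivation is the sso_heartbeat.html page added elsewhere in this commit being embedded in an iframe, but that would only be needed by the portal. Add a why-comment on the new line, e.g. `// SAMEORIGIN instead of the default DENY: the portal embeds sso_heartbeat.html in a same-origin iframe (confirm)`, and consider keeping the relaxation in a portal-only configuration so the other services keep DENY. The `configure` method is shown in full here; the `csrf().disable()` above it predates this change.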
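Review bot: `cas-client-core-infosec-credis` is replaced by the in-house artifact `com.ctrip.framework.apollo-sso:apollo-sso-ctrip`, whose version `1.0.0` is pinned in the root pom.xml hunk (`@@ -177,9 +177,9 @@`), yet the diff records nothing about where that artifact is published or how it was reviewed. Because this library now sits in the authentication path of every portal request (both filters are registered on `/*` in AuthConfiguration), note its source repository and release process in the commit description or a pom comment, and confirm it is resolved only from the internal repository so the groupId cannot be satisfied by an artifact of the same name from a public one.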
@@ -18,7 +19,10 @@ public class CtripLogoutHandler implements LogoutHandler{ @Override public void logout(HttpServletRequest request, HttpServletResponse response) { //将session销毁 - request.getSession().invalidate(); + HttpSession session = request.getSession(false); + if (session != null) { + session.invalidate(); + } Cookie cookie = new Cookie("memCacheAssertionID", null); //将cookie的有效期设置为0,命令浏览器删除该cookie diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java index fbc89b36ba08bec192370d54fd7210618d8a3017..b552c6905f34897d8c752b9fe5591ce90eac4711 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java @@ -73,9 +73,11 @@ public class AuthConfiguration { filterInitParam.put("redisClusterName", "casClientPrincipal"); filterInitParam.put("serverName", serverConfigService.getValue("serverName")); filterInitParam.put("casServerLoginUrl", serverConfigService.getValue("casServerLoginUrl")); + //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance + filterInitParam.put("useSession", "false"); casFilter.setInitParameters(filterInitParam); - casFilter.setFilter(filter("org.jasig.cas.client.authentication.AuthenticationFilter")); + casFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter")); casFilter.addUrlPatterns("/*"); return casFilter; 
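Review bot: The switch to `request.getSession(false)` deserves a why-comment, because the existing comment above it only says the session is destroyed and a later reader may "simplify" the guard back to `getSession()`, which creates a throw-away session on every logout; e.g. `// getSession(false): never create a session just to invalidate it`. The `logout` body continues past the hunk, where the `memCacheAssertionID` cookie is expired. Since this commit also configures the CAS filters with `useSession=false` and `useRedis=true`, the login state presumably no longer lives in the servlet session at all; confirm that expiring the cookie on the client side is paired with removing the server-side assertion, otherwise the invalidate above no longer touches the real login state.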
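Review bot: The `useSession`/`false` init parameter and its two-line comment are pasted verbatim into this filter registration and again into the next hunk (`@@ -88,6 +90,8 @@`); hoisting them into one place keeps the two registrations from drifting, e.g. `private static void disableSessionStorage(Map<String, String> params) { params.put("useSession", "false"); }` called from both, with the cluster rationale kept as that helper's comment. The start of the enclosing method (where `filterInitParam` and `casFilter` are created) lies outside the hunk.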
@@ -88,6 +90,8 @@ public class AuthConfiguration { filterInitParam.put("casServerUrlPrefix", serverConfigService.getValue("casServerUrlPrefix")); filterInitParam.put("serverName", serverConfigService.getValue("serverName")); filterInitParam.put("encoding", "UTF-8"); + //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance + filterInitParam.put("useSession", "false"); filterInitParam.put("useRedis", "true"); filterInitParam.put("redisClusterName", "casClientPrincipal"); @@ -105,7 +109,7 @@ public class AuthConfiguration { public FilterRegistrationBean assertionHolder(){ FilterRegistrationBean assertionHolderFilter = new FilterRegistrationBean(); - assertionHolderFilter.setFilter(filter("org.jasig.cas.client.util.AssertionThreadLocalFilter")); + assertionHolderFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAssertionThreadLocalFilter")); assertionHolderFilter.addUrlPatterns("/*"); return assertionHolderFilter; diff --git a/apollo-portal/src/main/resources/static/scripts/AppUtils.js b/apollo-portal/src/main/resources/static/scripts/AppUtils.js index 8a5e98982ce07e965854c44ea1260d087ef71d9d..0bb03997601aa94e60735a5cab390e1f9dd25046 100644 --- a/apollo-portal/src/main/resources/static/scripts/AppUtils.js +++ b/apollo-portal/src/main/resources/static/scripts/AppUtils.js @@ -3,7 +3,7 @@ appUtil.service('AppUtil', ['toastr', function (toastr) { return { errorMsg: function (response) { if (response.status == -1) { - return "您的登录信息已过期,请重新登录"; + return "您的登录信息已过期,请刷新页面后重试"; } var msg = "Code:" + response.status; if (response.data.message != null) { diff --git a/apollo-portal/src/main/resources/static/sso_heartbeat.html b/apollo-portal/src/main/resources/static/sso_heartbeat.html new file mode 100644 index 0000000000000000000000000000000000000000..0cdb13ce983f68ee063ebc5e71b411b39bf1cdba --- /dev/null +++ b/apollo-portal/src/main/resources/static/sso_heartbeat.html 
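Review bot: With `useSession` now `false` on the authentication filters, the replacement `ApolloAssertionThreadLocalFilter` presumably has to pick the assertion up from the request rather than the session, which makes it order-dependent on the authentication filter; neither this registration nor `casFilter` shows a `setOrder(...)`, so please confirm the relative order is fixed explicitly (e.g. `assertionHolderFilter.setOrder(...)` placed after the authentication filter's order) rather than left to bean discovery order. The closing brace of `assertionHolder()` is outside the hunk.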
@@ -0,0 +1,22 @@ + + + + + SSO Heartbeat + + + + + diff --git a/apollo-portal/src/main/resources/static/views/common/footer.html b/apollo-portal/src/main/resources/static/views/common/footer.html index b4a386987e139513fad196fbf8e6847d14620c82..926c6596be156e51a49ec3b5264d6e5ef00be136 100644 --- a/apollo-portal/src/main/resources/static/views/common/footer.html +++ b/apollo-portal/src/main/resources/static/views/common/footer.html @@ -5,7 +5,4 @@ wiki

- - - - + diff --git a/pom.xml b/pom.xml index a90bc624510d8b394f7a7faa9b706817a7f34cfa..9d81d9b454c9ed5e71846a8822dd016011ac817e 100644 --- a/pom.xml +++ b/pom.xml @@ -177,9 +177,9 @@ - org.jasig.cas.client - cas-client-core-infosec-credis - 3.1.12 + com.ctrip.framework.apollo-sso + apollo-sso-ctrip + 1.0.0