diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index d4a3b11..cffe923 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -1,11 +1,14 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
+import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.COOKIE_TOKEN_CODE;
+
 import java.io.IOException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -60,18 +63,32 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 // 检查请求头是否包含 Bearer 前缀
 if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
- // 移除header的前缀,提取出token字串
- String authToken = RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, "");
-
- try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
- SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
- } catch (Exception e) {
- log.error(e.getMessage());
- }
+ setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀,提取出token字串
+ }
+ // 检查cookie
+ else {
+ Optional.ofNullable(request.getCookies()).ifPresent(cookies -> {
+ Stream.of(cookies).filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
+ .ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue()));
+ });
 }
 filterChain.doFilter(request, response);
 }
+ /**
+ * 设置认证用户信息
+ *
+ * @param currentRoleCode
+ * @param authToken
+ */
+ private void setAuthentication(final String currentRoleCode, final String authToken) {
+ try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
+ SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
+ } catch (Exception e) {
+ log.error(e.getMessage());
+ }
+ }
+
 /**
 * 调用山分的认证中心接口,获取该token的绑定信息
 *
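Review bot: The new `else` branch authenticates from the `COOKIE_TOKEN_CODE` cookie, which a browser attaches to every request on its own, so state-changing endpoints behind this filter now depend on CSRF protection or a `SameSite` cookie attribute, neither of which is visible in this diff. The branch also runs when an Authorization header is present but does not start with `Constants.TOKEN_PREFIX`, so a request using some other scheme is authenticated from the cookie; `else if (header == null) {` would limit the fallback to requests without the header, assuming `header` is null when absent. In the extracted `setAuthentication`, the catch logs only `e.getMessage()` and leaves the security context as it was; adding `SecurityContextHolder.clearContext();` there would make a rejected token an explicitly unauthenticated request. The enclosing filter method starts above the hunk, so how `header` and `currentRoleCode` are read is not visible here.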