diff --git a/enforcer.go b/enforcer.go
index f26fb44..0bfb25f 100644
--- a/enforcer.go
+++ b/enforcer.go
@@ -384,7 +384,7 @@ func (e *Enforcer) LogoutById(id string, device ...string) error {
 func (e *Enforcer) LogoutByToken(token string) error {
 	var err error
 	// delete token-id
-	id := e.GetIdByToken(token)
+	id := e.getIdByToken(token)
 	if id == "" {
 		return errors.New("user not logged in")
 	}
@@ -457,7 +457,13 @@ func (e *Enforcer) GetIdByToken(token string) string {
 	if token == "" {
 		return ""
 	}
-	return e.getIdByToken(token)
+	loginId := e.getIdByToken(token)
+	// auto refresh timeout, When the user accesses
+	if loginId != "" && e.config.AutoRenew {
+		_ = e.updateTokenTimeout(token, e.config.Timeout)
+		_ = e.UpdateSessionTimeout(loginId, e.config.Timeout)
+	}
+	return loginId
 }
 
 // IsLogin check if user logged in by token.
@@ -593,6 +599,11 @@ func (e *Enforcer) UpdateSession(id string, session *model.Session) error {
 	return nil
 }
 
+func (e *Enforcer) UpdateSessionTimeout(id string, timeout int64) error {
+	err := e.notifyUpdateTimeout(id, timeout)
+	return err
+}
+
 func (e *Enforcer) GetTokenConfig() config.TokenConfig {
 	return e.config
 }
diff --git a/enforcer_internal_api.go b/enforcer_internal_api.go
index 5d89a9d..c433dd6 100644
--- a/enforcer_internal_api.go
+++ b/enforcer_internal_api.go
@@ -141,6 +141,11 @@ func (e *Enforcer) updateIdByToken(tokenValue string, id string) error {
 	return err
 }
 
+func (e *Enforcer) updateTokenTimeout(token string, timeout int64) error {
+	err := e.notifyUpdateTimeout(e.spliceTokenKey(token), timeout)
+	return err
+}
+
 func (e *Enforcer) setBanned(id string, service string, level int, time int64) error {
 	err := e.notifySetStr(e.spliceBannedKey(id, service), strconv.Itoa(level), time)
 	return err