diff --git a/constant/constant.go b/constant/constant.go
index 991c7b3..c1bbf5d 100644
--- a/constant/constant.go
+++ b/constant/constant.go
@@ -16,7 +16,7 @@ const (
 )
 
 const (
-	TokenName = "TokenGo"
+	TokenName = "Tokengo"
 )
 
 const (
diff --git a/ctx/go-http-context/request.go b/ctx/go-http-context/request.go
index ac8d630..f7c235b 100644
--- a/ctx/go-http-context/request.go
+++ b/ctx/go-http-context/request.go
@@ -44,10 +44,12 @@ func (d *HttpRequest) UrlNoQuery() string {
 	if d.source.URL.Scheme != "" {
 		scheme = d.source.URL.Scheme
 	}
-	if d.source.TLS != nil {
-		scheme = "https"
-	} else {
-		scheme = "http"
+	if scheme == "" {
+		if d.source.TLS != nil {
+			scheme = "https"
+		} else {
+			scheme = "http"
+		}
 	}
 	return scheme + "://" + d.source.Host + d.source.URL.Path
 }
diff --git a/ctx/go-http-context/response.go b/ctx/go-http-context/response.go
index 97cc1d9..027a829 100644
--- a/ctx/go-http-context/response.go
+++ b/ctx/go-http-context/response.go
@@ -54,12 +54,18 @@ func (r *HttpResponse) DeleteCookie(name string, path string, domain string) {
 }
 
 func (r *HttpResponse) AddCookie(name string, value string, path string, domain string, timeout int64) {
+	var expiration time.Time
+	if timeout == -1 {
+		expiration = time.Unix(0, 0)
+	} else {
+		expiration = time.Now().Add(time.Second * time.Duration(timeout))
+	}
 	cookie := http.Cookie{
 		Name:    name,
 		Value:   value,
 		Path:    path,
 		Domain:  domain,
-		Expires: time.Now().Add(time.Second * time.Duration(timeout)),
+		Expires: expiration,
 	}
 	r.AddHeader(constant.SetCookie, cookie.String())
 }
diff --git a/enforcer_internal_api.go b/enforcer_internal_api.go
index 18ed4c9..2274c9b 100644
--- a/enforcer_internal_api.go
+++ b/enforcer_internal_api.go
@@ -5,6 +5,7 @@ import (
 	"github.com/weloe/token-go/constant"
 	"github.com/weloe/token-go/ctx"
 	"github.com/weloe/token-go/model"
+	"math"
 	"strconv"
 )
 
@@ -56,10 +57,20 @@ func (e *Enforcer) ResponseToken(tokenValue string, loginModel *model.Login, ctx
 
 	// set token to cookie
 	if tokenConfig.IsReadCookie {
-		cookieTimeout := tokenConfig.Timeout
-		if loginModel.IsLastingCookie {
+		var cookieTimeout int64
+		if !loginModel.IsLastingCookie {
 			cookieTimeout = -1
+		} else {
+			if loginModel.Timeout != 0 {
+				cookieTimeout = loginModel.Timeout
+			} else {
+				cookieTimeout = tokenConfig.Timeout
+			}
+			if cookieTimeout == constant.NeverExpire {
+				cookieTimeout = math.MaxInt64
+			}
 		}
+
 		// add cookie use tokenConfig.CookieConfig
 		ctx.Response().AddCookie(tokenConfig.TokenName,
 			tokenValue,
@@ -71,6 +82,7 @@ func (e *Enforcer) ResponseToken(tokenValue string, loginModel *model.Login, ctx
 	// set token to header
 	if loginModel.IsWriteHeader {
 		ctx.Response().SetHeader(tokenConfig.TokenName, tokenValue)
+		ctx.Response().AddHeader(constant.AccessControlExposeHeaders, tokenConfig.TokenName)
 	}
 
 	return nil