diff --git a/enforcer.go b/enforcer.go
index 6f54fce..c485571 100644
--- a/enforcer.go
+++ b/enforcer.go
@@ -155,6 +155,10 @@ func (e *Enforcer) Login(id string, ctx ctx.Context) (string, error) {
 	return e.LoginByModel(id, model.DefaultLoginModel(), ctx)
 }
 
+func (e *Enforcer) LoginById(id string) (string, error) {
+	return e.Login(id, nil)
+}
+
 // LoginByModel login by id and loginModel, return tokenValue and error
 func (e *Enforcer) LoginByModel(id string, loginModel *model.Login, ctx ctx.Context) (string, error) {
 	if loginModel == nil {
@@ -226,7 +230,7 @@ func (e *Enforcer) LoginByModel(id string, loginModel *model.Login, ctx ctx.Cont
 					if session.TokenSignSize() > int(tokenConfig.MaxLoginCount) {
 						// delete tokenSign
 						session.RemoveTokenSign(tokenSign.Value)
-						err = e.updateSession(id, session)
+						err = e.UpdateSession(id, session)
 						if err != nil {
 							return "", err
 						}
@@ -264,7 +268,7 @@ func (e *Enforcer) Replaced(id string, device string) error {
 			if tokenSign, ok := element.Value.(*model.TokenSign); ok {
 				elementV := tokenSign.Value
 				session.RemoveTokenSign(elementV)
-				err = e.updateSession(id, session)
+				err = e.UpdateSession(id, session)
 				if err != nil {
 					return err
 				}
@@ -309,6 +313,20 @@ func (e *Enforcer) Logout(ctx ctx.Context) error {
 	return nil
 }
 
+// LogoutById force user to logout
+func (e *Enforcer) LogoutById(id string) error {
+	session := e.GetSession(id)
+	if session != nil {
+		for _, tokenSign := range session.TokenSignList {
+			err := e.LogoutByToken(tokenSign.Value)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
 // IsLoginById check if user logged in by loginId.
 // check all tokenValue and if one is validated return true
 func (e *Enforcer) IsLoginById(id string) (bool, error) {
@@ -467,7 +485,7 @@ func (e *Enforcer) Kickout(id string, device string) error {
 			if tokenSign, ok := element.Value.(*model.TokenSign); ok {
 				elementV := tokenSign.Value
 				session.RemoveTokenSign(elementV)
-				err := e.updateSession(id, session)
+				err := e.UpdateSession(id, session)
 				if err != nil {
 					return err
 				}
@@ -596,7 +614,7 @@ func (e *Enforcer) deleteSession(id string) error {
 	return nil
 }
 
-func (e *Enforcer) updateSession(id string, session *model.Session) error {
+func (e *Enforcer) UpdateSession(id string, session *model.Session) error {
 	bytes, err := e.sessionSerialize(session)
 	if err != nil {
 		return err
diff --git a/enforcer_interface.go b/enforcer_interface.go
index e471033..554db79 100644
--- a/enforcer_interface.go
+++ b/enforcer_interface.go
@@ -11,9 +11,12 @@ import (
 var _ IEnforcer = &Enforcer{}
 
 type IEnforcer interface {
+	// Login login api
 	Login(id string, ctx ctx.Context) (string, error)
+	LoginById(id string) (string, error)
 	LoginByModel(id string, loginModel *model.Login, ctx ctx.Context) (string, error)
 	Logout(ctx ctx.Context) error
+	LogoutById(id string) error
 	LogoutByToken(token string) error
 	IsLogin(ctx ctx.Context) (bool, error)
 	IsLoginByToken(token string) (bool, error)
@@ -52,6 +55,7 @@ type IEnforcer interface {
 	EnableLog()
 	IsLogEnable() bool
 	GetSession(id string) *model.Session
+	UpdateSession(id string, session *model.Session) error
 	SetSession(id string, session *model.Session, timeout int64) error
 	GetTokenConfig() config.TokenConfig
 }
diff --git a/enforcer_internal_api.go b/enforcer_internal_api.go
index 1532920..18ed4c9 100644
--- a/enforcer_internal_api.go
+++ b/enforcer_internal_api.go
@@ -93,7 +93,7 @@ func (e *Enforcer) LogoutByToken(token string) error {
 	if session != nil {
 		// delete tokenSign
 		session.RemoveTokenSign(token)
-		err = e.updateSession(id, session)
+		err = e.UpdateSession(id, session)
 		if err != nil {
 			return err
 		}
diff --git a/enforcer_test.go b/enforcer_test.go
index b734de3..3816331 100644
--- a/enforcer_test.go
+++ b/enforcer_test.go
@@ -409,9 +409,9 @@ func TestEnforcer_JsonAdapter(t *testing.T) {
 		t.Fatalf("unexpected session tokenSignList length = %v", num)
 	}
 
-	err = enforcer.updateSession("1", model.NewSession("4", "5", "6"))
+	err = enforcer.UpdateSession("1", model.NewSession("4", "5", "6"))
 	if err != nil {
-		t.Errorf("updateSession() failed: %v", err)
+		t.Errorf("UpdateSession() failed: %v", err)
 	}
 	session = enforcer.GetSession("1")
 	if id := session.Id; id != "4" {
diff --git a/model/session.go b/model/session.go
index 2e5ae47..1a96bba 100644
--- a/model/session.go
+++ b/model/session.go
@@ -25,8 +25,9 @@ type Session struct {
 
 func DefaultSession(id string) *Session {
 	return &Session{
-		Id:         id,
-		CreateTime: time.Now().UnixMilli(),
+		Id:            id,
+		CreateTime:    time.Now().UnixMilli(),
+		TokenSignList: make([]*TokenSign, 0),
 	}
 }
 
@@ -99,6 +100,7 @@ func (s *Session) RemoveTokenSign(tokenValue string) bool {
 	return true
 }
 
+// RemoveTokenSignByIndex delete by index
 func (s *Session) RemoveTokenSignByIndex(i int) {
 	s.TokenSignList = append(s.TokenSignList[:i], s.TokenSignList[i+1:]...)
 }
@@ -128,3 +130,15 @@ func (s *Session) Json() string {
 	}
 	return string(b)
 }
+
+func (s *Session) Get(key string) interface{} {
+	value, ok := s.DataMap.Load(key)
+	if !ok {
+		return nil
+	}
+	return value
+}
+
+func (s *Session) Set(key string, obj interface{}) {
+	s.DataMap.Store(key, obj)
+}