diff --git a/hooks.go b/hooks.go
index 3dca1b8d..0c7d05fe 100644
--- a/hooks.go
+++ b/hooks.go
@@ -45,26 +45,24 @@ func registerSession() error {
 	if BConfig.WebConfig.Session.SessionOn {
 		var err error
 		sessionConfig := AppConfig.String("sessionConfig")
+		conf := new(session.ManagerConfig)
 		if sessionConfig == "" {
-			conf := map[string]interface{}{
-				"cookieName":              BConfig.WebConfig.Session.SessionName,
-				"gclifetime":              BConfig.WebConfig.Session.SessionGCMaxLifetime,
-				"providerConfig":          filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig),
-				"secure":                  BConfig.Listen.EnableHTTPS,
-				"enableSetCookie":         BConfig.WebConfig.Session.SessionAutoSetCookie,
-				"domain":                  BConfig.WebConfig.Session.SessionDomain,
-				"cookieLifeTime":          BConfig.WebConfig.Session.SessionCookieLifeTime,
-				"enableSidInHttpHeader":   BConfig.WebConfig.Session.EnableSidInHttpHeader,
-				"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
-				"enableSidInUrlQuery":     BConfig.WebConfig.Session.EnableSidInUrlQuery,
-			}
-			confBytes, err := json.Marshal(conf)
-			if err != nil {
+			conf.CookieName = BConfig.WebConfig.Session.SessionName
+			conf.EnableSetCookie = BConfig.WebConfig.Session.SessionAutoSetCookie
+			conf.Gclifetime = BConfig.WebConfig.Session.SessionGCMaxLifetime
+			conf.Secure = BConfig.Listen.EnableHTTPS
+			conf.CookieLifeTime = BConfig.WebConfig.Session.SessionCookieLifeTime
+			conf.ProviderConfig = filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig)
+			conf.Domain = BConfig.WebConfig.Session.SessionDomain
+			conf.EnableSidInHttpHeader = BConfig.WebConfig.Session.EnableSidInHttpHeader
+			conf.SessionNameInHttpHeader = BConfig.WebConfig.Session.SessionNameInHttpHeader
+			conf.EnableSidInUrlQuery = BConfig.WebConfig.Session.EnableSidInUrlQuery
+		} else {
+			if err = json.Unmarshal([]byte(sessionConfig), conf); err != nil {
 				return err
 			}
-			sessionConfig = string(confBytes)
 		}
-		if GlobalSessions, err = session.NewManager(BConfig.WebConfig.Session.SessionProvider, sessionConfig); err != nil {
+		if GlobalSessions, err = session.NewManager(BConfig.WebConfig.Session.SessionProvider, conf); err != nil {
 			return err
 		}
 		go GlobalSessions.GC()
diff --git a/session/sess_cookie_test.go b/session/sess_cookie_test.go
index 209e501c..b6726005 100644
--- a/session/sess_cookie_test.go
+++ b/session/sess_cookie_test.go
@@ -15,6 +15,7 @@
 package session
 
 import (
+	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -23,7 +24,11 @@ import (
 
 func TestCookie(t *testing.T) {
 	config := `{"cookieName":"gosessionid","enableSetCookie":false,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
-	globalSessions, err := NewManager("cookie", config)
+	conf := new(ManagerConfig)
+	if err := json.Unmarshal([]byte(config), conf); err != nil {
+		t.Fatal("json decode error", err)
+	}
+	globalSessions, err := NewManager("cookie", conf)
 	if err != nil {
 		t.Fatal("init cookie session err", err)
 	}
@@ -56,7 +61,11 @@ func TestCookie(t *testing.T) {
 
 func TestDestorySessionCookie(t *testing.T) {
 	config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
-	globalSessions, err := NewManager("cookie", config)
+	conf := new(ManagerConfig)
+	if err := json.Unmarshal([]byte(config), conf); err != nil {
+		t.Fatal("json decode error", err)
+	}
+	globalSessions, err := NewManager("cookie", conf)
 	if err != nil {
 		t.Fatal("init cookie session err", err)
 	}
diff --git a/session/sess_mem_test.go b/session/sess_mem_test.go
index 43f5b0a9..2e8934b8 100644
--- a/session/sess_mem_test.go
+++ b/session/sess_mem_test.go
@@ -15,6 +15,7 @@
 package session
 
 import (
+	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -22,7 +23,12 @@ import (
 )
 
 func TestMem(t *testing.T) {
-	globalSessions, _ := NewManager("memory", `{"cookieName":"gosessionid","gclifetime":10}`)
+	config := `{"cookieName":"gosessionid","gclifetime":10, "enableSetCookie":true}`
+	conf := new(ManagerConfig)
+	if err := json.Unmarshal([]byte(config), conf); err != nil {
+		t.Fatal("json decode error", err)
+	}
+	globalSessions, _ := NewManager("memory", conf)
 	go globalSessions.GC()
 	r, _ := http.NewRequest("GET", "/", nil)
 	w := httptest.NewRecorder()
diff --git a/session/sess_test.go b/session/sess_test.go
index 5ba910f2..b40865f3 100644
--- a/session/sess_test.go
+++ b/session/sess_test.go
@@ -89,7 +89,7 @@ func TestCookieEncodeDecode(t *testing.T) {
 
 func TestParseConfig(t *testing.T) {
 	s := `{"cookieName":"gosessionid","gclifetime":3600}`
-	cf := new(managerConfig)
+	cf := new(ManagerConfig)
 	cf.EnableSetCookie = true
 	err := json.Unmarshal([]byte(s), cf)
 	if err != nil {
@@ -103,7 +103,7 @@ func TestParseConfig(t *testing.T) {
 	}
 
 	cc := `{"cookieName":"gosessionid","enableSetCookie":false,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
-	cf2 := new(managerConfig)
+	cf2 := new(ManagerConfig)
 	cf2.EnableSetCookie = true
 	err = json.Unmarshal([]byte(cc), cf2)
 	if err != nil {
diff --git a/session/session.go b/session/session.go
index 73f0d677..3c9d07ab 100644
--- a/session/session.go
+++ b/session/session.go
@@ -30,7 +30,6 @@ package session
 import (
 	"crypto/rand"
 	"encoding/hex"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -82,7 +81,7 @@ func Register(name string, provide Provider) {
 	provides[name] = provide
 }
 
-type managerConfig struct {
+type ManagerConfig struct {
 	CookieName              string `json:"cookieName"`
 	EnableSetCookie         bool   `json:"enableSetCookie,omitempty"`
 	Gclifetime              int64  `json:"gclifetime"`
@@ -100,7 +99,7 @@ type managerConfig struct {
 // Manager contains Provider and its configuration.
 type Manager struct {
 	provider Provider
-	config   *managerConfig
+	config   *ManagerConfig
 }
 
 // NewManager Create new Manager with provider name and json config string.
@@ -115,17 +114,12 @@ type Manager struct {
 // 2. hashfunc  default sha1
 // 3. hashkey default beegosessionkey
 // 4. maxage default is none
-func NewManager(provideName, config string) (*Manager, error) {
+func NewManager(provideName string, cf *ManagerConfig) (*Manager, error) {
 	provider, ok := provides[provideName]
 	if !ok {
 		return nil, fmt.Errorf("session: unknown provide %q (forgotten import?)", provideName)
 	}
-	cf := new(managerConfig)
-	cf.EnableSetCookie = true
-	err := json.Unmarshal([]byte(config), cf)
-	if err != nil {
-		return nil, err
-	}
+
 	if cf.Maxlifetime == 0 {
 		cf.Maxlifetime = cf.Gclifetime
 	}
@@ -142,7 +136,7 @@ func NewManager(provideName, config string) (*Manager, error) {
 		}
 	}
 
-	err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
+	err := provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -166,7 +160,7 @@ func NewManager(provideName, config string) (*Manager, error) {
 // otherwise return an valid session id.
 func (manager *Manager) getSid(r *http.Request) (string, error) {
 	cookie, errs := r.Cookie(manager.config.CookieName)
-	if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
+	if errs != nil || cookie.Value == "" {
 		var sid string
 		if manager.config.EnableSidInUrlQuery {
 			errs := r.ParseForm()
@@ -211,6 +205,9 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 	}
 
 	session, err = manager.provider.SessionRead(sid)
+	if err != nil {
+		return nil, errs
+	}
 	cookie := &http.Cookie{
 		Name:     manager.config.CookieName,
 		Value:    url.QueryEscape(sid),