diff --git a/config/index.js b/config/index.js
index 0adc582..96f0101 100644
--- a/config/index.js
+++ b/config/index.js
@@ -10,6 +10,7 @@ const ENV_DEV = 'development'
 export default {
   db: {},
   session: {
+    enabled: false,
     type: 'native', // native 或 redis
     ttl: 3600 * 24 * 7,
     domain: '', // NODESSID域, 默认等于domain
@@ -20,6 +21,13 @@ export default {
       db: 0
     }
   },
+  jwt: {
+    // jwt 开关
+    enabled: false,
+    ttl: 3600 * 24 * 7,
+    level: 0, // 校验级别, 0: 不校验客户端, 2: ua, 4: ip, 6: ua + ip
+    secret: 'it_is_secret_key' // jwt密钥, 使用时请修改
+  },
   website: 'localhost',
   domain: '', // cookie域, 默认等于website
   port: 3000,
@@ -38,7 +46,6 @@ export default {
     origin: [], // ['abc.com', 'a.foo.com']
     maxAge: 0
   },
-  jwt: false, // jwt opened
   regexp: {
     // 常用正则
     email: /^[\w\.\-]+@\w+([\.\-]\w+)*\.\w+$/,
diff --git a/index.js b/index.js
index 10be550..11ccbaf 100644
--- a/index.js
+++ b/index.js
@@ -12,15 +12,15 @@ import fs from 'iofs'
 
 import Request from '@gm5/request'
 import Response from '@gm5/response'
-import { sessionStore, sessionWare } from '@gm5/session'
-import Jwt from '@gm5/jwt'
+import { sessionPackage, sessionConnect } from '@gm5/session'
+import { jwtPackage, jwtConnect } from '@gm5/jwt'
 
 import config from './config/index.js'
 
 import Views from './lib/views.js'
 
-import routerWare from './middleware/router.js'
-import corsWare from './middleware/cors.js'
+import Routers from './middleware/router.js'
+import Cors from './middleware/cors.js'
 
 function hideProperty(host, name, value) {
   Object.defineProperty(host, name, {
@@ -35,11 +35,11 @@ export default class Five {
   constructor() {
     hideProperty(this, '__FIVE__', config)
     hideProperty(this, '__MODULES__', {})
-    hideProperty(this, '__MIDDLEWARE__', [corsWare])
+    hideProperty(this, '__MIDDLEWARE__', [Cors])
   }
 
   __main__() {
-    var { domain, website, session } = this.__FIVE__
+    var { domain, website, session, jwt } = this.__FIVE__
     domain = domain || website
     session.domain = session.domain || domain
     this.set({ domain, session })
@@ -49,14 +49,20 @@ export default class Five {
       this.install(Views)
     }
 
-    // 将session中间件提到最前
+    // 将jwt & session中间件提到最前
     // 以便用户自定义的中间件可以直接操作session
-    this.install(sessionStore)
-    this.install(Jwt)
-    this.__MIDDLEWARE__.unshift(sessionWare)
+    if (session.enabled) {
+      this.install(sessionPackage)
+      this.__MIDDLEWARE__.unshift(sessionConnect)
+    }
+    // 开启jwt
+    if (jwt) {
+      this.install(jwtPackage)
+      this.__MIDDLEWARE__.unshift(jwtConnect)
+    }
 
     // 路由中间件要在最后
-    this.use(routerWare)
+    this.use(Routers)
   }
 
   /*------------------------------------------------------------------------*/
diff --git a/package.json b/package.json
index 1d376aa..b828002 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,7 @@
     "@gm5/response": "^1.3.1",
     "@gm5/controller": "^1.0.0",
     "@gm5/jwt": "^1.1.0",
-    "crypto.js": "^2.0.1",
+    "crypto.js": "^2.0.2",
     "es.shim": "^2.0.1",
     "iofs": "^1.5.0"
   },