diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index 7501246..56e54a9 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -66,9 +66,13 @@ func startDtls() {
 		go func() {
 			// time.Sleep(1 * time.Second)
 			cc := conn.(*dtls.Conn)
-			sessid := hex.EncodeToString(cc.ConnectionState().SessionID)
-			sess := sessdata.Dtls2Sess(sessid)
-			LinkDtls(conn, sess.CSess)
+			did := hex.EncodeToString(cc.ConnectionState().SessionID)
+			cSess := sessdata.Dtls2CSess(did)
+			if cSess == nil {
+				conn.Close()
+				return
+			}
+			LinkDtls(conn, cSess)
 		}()
 	}
 }
diff --git a/server/sessdata/session.go b/server/sessdata/session.go
index 2da2ef4..cc6c054 100644
--- a/server/sessdata/session.go
+++ b/server/sessdata/session.go
@@ -94,18 +94,24 @@ func checkSession() {
 		timeout := time.Duration(base.Cfg.SessionTimeout) * time.Second
 		tick := time.NewTicker(time.Second * 60)
 		for range tick.C {
-			sessMux.Lock()
+			outToken := []string{}
+			sessMux.RLock()
 			t := time.Now()
 			for k, v := range sessions {
-				v.mux.Lock()
+				v.mux.RLock()
 				if !v.IsActive {
 					if t.Sub(v.LastLogin) > timeout {
-						delete(sessions, k)
+						outToken = append(outToken, k)
 					}
 				}
-				v.mux.Unlock()
+				v.mux.RUnlock()
+			}
+			sessMux.RUnlock()
+
+			// 删除过期session
+			for _, v := range outToken {
+				CloseSess(v)
 			}
-			sessMux.Unlock()
 		}
 	}()
 }
@@ -365,6 +371,20 @@ func Dtls2Sess(did string) *Session {
 	return sessions[token]
 }
 
+func Dtls2CSess(did string) *ConnSession {
+	sessMux.RLock()
+	defer sessMux.RUnlock()
+	token := dtlsIds[did]
+	sess := sessions[token]
+	if sess == nil {
+		return nil
+	}
+
+	sess.mux.RLock()
+	defer sess.mux.RUnlock()
+	return sess.CSess
+}
+
 func Dtls2MasterSecret(did string) string {
 	sessMux.RLock()
 	token := dtlsIds[did]
@@ -396,6 +416,7 @@ func CloseSess(token string) {
 	}
 
 	delete(sessions, token)
+	delete(dtlsIds, sess.DtlsSid)
 	sess.CSess.Close()
 }
 
@@ -414,7 +435,5 @@ func DelSessByStoken(stoken string) {
 	stoken = strings.TrimSpace(stoken)
 	sarr := strings.Split(stoken, "@")
 	token := sarr[1]
-	sessMux.Lock()
-	delete(sessions, token)
-	sessMux.Unlock()
+	CloseSess(token)
 }