diff --git a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
index 63564a9d..b90aa652 100644
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
@@ -7,7 +7,6 @@ import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.dromara.common.core.constant.HttpStatus;
-import org.dromara.common.core.utils.ServletUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.gateway.config.properties.IgnoreWhiteProperties;
@@ -41,11 +40,12 @@ public class AuthFilter {
                         // 检查是否登录 是否有token
                         StpUtil.checkLogin();
 
-                        // 检查 header 里的 clientId 与 token 里的是否一致
+                        // 检查 header 与 param 里的 clientid 与 token 里的是否一致
                         ServerHttpRequest request = SaReactorSyncHolder.getContext().getRequest();
                         String headerCid = request.getHeaders().getFirst(LoginHelper.CLIENT_KEY);
+                        String paramCid = request.getQueryParams().getFirst(LoginHelper.CLIENT_KEY);
                         String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
-                        if (!StringUtils.equals(headerCid, clientId)) {
+                        if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {
                             // token 无效
                             throw NotLoginException.newInstance(
                                 StpUtil.getLoginType(),