diff --git a/src/login.ts b/src/login.ts
index 0dec4d2..68ae646 100644
--- a/src/login.ts
+++ b/src/login.ts
@@ -84,11 +84,11 @@ const setToken = (
     httpOnly: true,
     secure: !setting.localmode,
     sameSite: "strict",
-    expires: new Date(Date.now() + expiredtime),
+    expires: new Date(Date.now() + expiredtime * 1000),
   });
 };
 export const createLoginMiddleware = (userController: UserAccessor) =>
-  async (ctx: Koa.Context, next: Koa.Next) => {
+  async (ctx: Koa.Context, _next: Koa.Next) => {
     const setting = get_setting();
     const secretKey = setting.jwt_secretkey;
     const body = ctx.request.body;
@@ -190,7 +190,6 @@ const refreshTokenHandler = (cntr: UserAccessor) =>
           } else {
             console.error("invalid token detected");
             throw new Error("token form invalid");
-            return;
           }
         } catch (e) {
           if (e instanceof TokenExpiredError) { // refresh token is expired.