diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html
index 3c95332a2..2fd518462 100644
--- a/apps/authentication/templates/authentication/login.html
+++ b/apps/authentication/templates/authentication/login.html
@@ -33,28 +33,23 @@
 }
 .form-group {
- margin-bottom: 40px;
- margin-top: 10px;
+ margin-bottom: 30px;
+ margin-top: 20px;
 }
- .addition .form-group, .has-error .form-group {
+ .extra-fields-1 .form-group {
+ margin-bottom: 30px;
+ margin-top: 15px;
+ }
+
+ .extra-fields-2 .form-group {
 margin-bottom: 20px;
 margin-top: 10px;
 }
- .auth-methods.has-error .form-group, .auth-methods.addition .form-group {
- margin-bottom: 15px;
- margin-top: 5px;
- }
-
- .has-error.addition .form-group {
- margin-bottom: 20px;
- margin-top: 5px;
- }
-
- .auth-methods.addition.has-error .form-group {
+ .extra-fields-3 .form-group {
 margin-bottom: 10px;
- margin-top: 5px;
+ margin-top: 10px;
 }
 .login-content {
@@ -185,11 +180,7 @@
-
+
screen-image
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index e6fe6b6cf..0736a994d 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -209,6 +209,19 @@ class UserLoginView(mixins.AuthMixin, FormView):
 forgot_password_url = settings.FORGOT_PASSWORD_URL or forgot_password_url
 return forgot_password_url
+ def get_extra_fields_count(self, context):
+ count = 0
+ if self.get_support_auth_methods():
+ count += 1
+ form = context.get('form')
+ if not form:
+ return count
+ if set(form.fields.keys()) & {'captcha', 'challenge', 'mfa_type'}:
+ count += 1
+ if form.errors or form.non_field_errors():
+ count += 1
+ return count
+
 def get_context_data(self, **kwargs):
 context = super().get_context_data(**kwargs)
 context.update({
@@ -217,6 +230,7 @@ class UserLoginView(mixins.AuthMixin, FormView):
 'langs': self.get_support_langs(),
 'current_lang': self.get_current_lang(),
 'forgot_password_url': self.get_forgot_password_url(),
+ 'extra_fields_count': self.get_extra_fields_count(context),
 **self.get_user_mfa_context(self.request.user)
 })
 return context
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index df8b5f287..b88bd45fe 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -158,7 +158,7 @@ class Config(dict):
 'SESSION_COOKIE_DOMAIN': None,
 'CSRF_COOKIE_DOMAIN': None,
 'SESSION_COOKIE_NAME_PREFIX': None,
- 'SESSION_COOKIE_AGE': 3600 * 24,
+ 'SESSION_COOKIE_AGE': 3600,
 'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
 'LOGIN_URL': reverse_lazy('authentication:login'),
 'CONNECTION_TOKEN_EXPIRATION': 5 * 60,
diff --git a/config_example.yml b/config_example.yml
index c3075a8b6..f8f458a80 100644
--- a/config_example.yml
+++ b/config_example.yml
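Review bot: In `get_extra_fields_count`, the second operand of `if form.errors or form.non_field_errors():` adds nothing, because Django keeps non-field errors inside `form.errors` under the `__all__` key; `if form.errors:` is equivalent and reads more clearly. The method also needs a docstring, since the meaning of the returned number is not visible at the call site: `"""Count the optional login-page blocks shown (supported auth methods, captcha/challenge/MFA field, form errors), 0-3."""`. Its use for the `extra-fields-N` spacing classes in login.html is inferred, as the template hunk that would show it is not legible on this page. The method is complete in this hunk; the surrounding class is not.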
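Review bot: The new default `'SESSION_COOKIE_AGE': 3600,` shortens the session lifetime from 24 hours to one hour for every installation that does not set the key, and the changed line gives neither the unit nor the reason. A shorter lifetime narrows the window in which a stolen session cookie is usable, so the direction is sound, but operators who relied on the old default will see earlier logouts after upgrading. I would annotate the line, `'SESSION_COOKIE_AGE': 3600,  # seconds; default lowered from 24 h to 1 h`, and mention the change in the release notes. Whether this acts as an idle timeout or an absolute lifetime depends on `SESSION_SAVE_EVERY_REQUEST`, whose default is outside this hunk, as is the rest of the defaults dict.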
@@ -1,11 +1,11 @@
 # SECURITY WARNING: keep the secret key used in production secret!
 # 加密密钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成
 # $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
-SECRET_KEY:
+SECRET_KEY:
 # SECURITY WARNING: keep the bootstrap token used in production secret!
 # 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制
-BOOTSTRAP_TOKEN:
+BOOTSTRAP_TOKEN:
 # Development env open this, when error occur display the full process track, Production disable it
 # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
@@ -14,11 +14,11 @@ BOOTSTRAP_TOKEN:
 # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
 # 日志级别
 # LOG_LEVEL: DEBUG
-# LOG_DIR:
+# LOG_DIR:
-# Session expiration setting, Default 24 hour, Also set expired on on browser close
-# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期
-# SESSION_COOKIE_AGE: 86400
+# Session expiration setting, Default 1 hour, Also set expired on on browser close
+# 浏览器Session过期时间,默认 1 小时, 也可以设置浏览器关闭则过期
+# SESSION_COOKIE_AGE: 3600
 # SESSION_EXPIRE_AT_BROWSER_CLOSE: false
 # Database setting, Support sqlite3, mysql, postgres ....
@@ -28,14 +28,14 @@ BOOTSTRAP_TOKEN:
 # SQLite setting:
 # 使用单文件sqlite数据库
 # DB_ENGINE: sqlite3
-# DB_NAME:
+# DB_NAME:
 # MySQL or postgres setting like:
 # 使用Mysql作为数据库
 DB_ENGINE: mysql
 DB_HOST: 127.0.0.1
 DB_PORT: 3306
 DB_USER: jumpserver
-DB_PASSWORD:
+DB_PASSWORD:
 DB_NAME: jumpserver
 # When Django start it will bind this host and port
@@ -49,47 +49,10 @@ WS_LISTEN_PORT: 8070
 # Redis配置
 REDIS_HOST: 127.0.0.1
 REDIS_PORT: 6379
-# REDIS_PASSWORD:
+# REDIS_PASSWORD:
 # REDIS_DB_CELERY: 3
 # REDIS_DB_CACHE: 4
-# Use OpenID Authorization
-# 使用 OpenID 进行认证设置
-# AUTH_OPENID: False # True or False
-# BASE_SITE_URL: None
-# AUTH_OPENID_CLIENT_ID: client-id
-# AUTH_OPENID_CLIENT_SECRET: client-secret
-# AUTH_OPENID_PROVIDER_ENDPOINT: https://op-example.com/
-# AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT: https://op-example.com/authorize
-# AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT: https://op-example.com/token
-# AUTH_OPENID_PROVIDER_JWKS_ENDPOINT: https://op-example.com/jwks
-# AUTH_OPENID_PROVIDER_USERINFO_ENDPOINT: https://op-example.com/userinfo
-# AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT: https://op-example.com/logout
-# AUTH_OPENID_PROVIDER_SIGNATURE_ALG: HS256
-# AUTH_OPENID_PROVIDER_SIGNATURE_KEY: None
-# AUTH_OPENID_SCOPES: "openid profile email"
-# AUTH_OPENID_ID_TOKEN_MAX_AGE: 60
-# AUTH_OPENID_ID_TOKEN_INCLUDE_CLAIMS: True
-# AUTH_OPENID_USE_STATE: True
-# AUTH_OPENID_USE_NONCE: True
-# AUTH_OPENID_SHARE_SESSION: True
-# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
-# AUTH_OPENID_ALWAYS_UPDATE_USER: True
-
-# Use Radius authorization
-# 使用Radius来认证
-# AUTH_RADIUS: false
-# RADIUS_SERVER: localhost
-# RADIUS_PORT: 1812
-# RADIUS_SECRET:
-
-# CAS 配置
-# AUTH_CAS': False,
-# CAS_SERVER_URL': "http://host/cas/",
-# CAS_ROOT_PROXIED_AS': 'http://jumpserver-host:port',
-# CAS_LOGOUT_COMPLETELY': True,
-# CAS_VERSION': 3,
-
 # LDAP/AD settings
 # LDAP 搜索分页数量
 # AUTH_LDAP_SEARCH_PAGED_SIZE: 1000
@@ -114,13 +77,6 @@ REDIS_PORT: 6379
 # OTP_VALID_WINDOW: 0
 # OTP_ISSUER_NAME: Jumpserver
-# Perm show single asset to ungrouped node
-# 是否把未授权节点资产放入到 未分组 节点中
-# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: False
-#
-# 同一账号仅允许在一台设备登录
-# USER_LOGIN_SINGLE_MACHINE_ENABLED: False
-#
 # 启用定时任务
 # PERIOD_TASK_ENABLED: True
 #
@@ -130,18 +86,12 @@ REDIS_PORT: 6379
 # 是否开启 Luna 水印
 # SECURITY_WATERMARK_ENABLED: False
-# 健康检查的token,默认是空
-# HEALTH_CHECK_TOKEN: ''
-
 # 浏览器关闭页面后,会话过期
 # SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE: False
 # 每次api请求,session续期
 # SESSION_SAVE_EVERY_REQUEST: True
-# 硬盘检查
-# DISK_CHECK_ENABLED: True
-
 # 仅允许用户从来源处登录
 # ONLY_ALLOW_AUTH_FROM_SOURCE: False