diff --git a/web/app/controllers/app/image_hosting/index.php b/web/app/controllers/app/image_hosting/index.php
index c6c60dd..8ab030b 100644
--- a/web/app/controllers/app/image_hosting/index.php
+++ b/web/app/controllers/app/image_hosting/index.php
@@ -36,9 +36,13 @@ if ($_POST['image_upload_file_submit'] == 'submit') {
 	}
 
 	if (!isset($_SESSION['phrase']) || !PhraseBuilder::comparePhrases($_SESSION['phrase'], $_POST['captcha'])) {
+		unset($_SESSION['phrase']);
+
 		throwError("bad_captcha");
 	}
 
+	unset($_SESSION['phrase']);
+
 	if ($_FILES["image_upload_file"]["error"] > 0) {
 		throwError($_FILES["image_upload_file"]["error"]);
 	}
diff --git a/web/app/controllers/forgot_pw.php b/web/app/controllers/forgot_pw.php
index 71fc4e4..6521434 100644
--- a/web/app/controllers/forgot_pw.php
+++ b/web/app/controllers/forgot_pw.php
@@ -38,9 +38,13 @@ $forgot_form->handle = function (&$vdata) {
 	$password = $user["password"];
 
 	if (!isset($_SESSION['phrase']) || !PhraseBuilder::comparePhrases($_SESSION['phrase'], $_POST['captcha'])) {
+		unset($_SESSION['phrase']);
+
 		becomeMsgPage('验证码错误！');
 	}
 
+	unset($_SESSION['phrase']);
+
 	if (!$user['email']) {
 		becomeMsgPage('用户未填写邮件地址，请联系管理员重置！');
 	}
@@ -99,7 +103,6 @@ EOD;
 	}
 };
 $forgot_form->submit_button_config['align'] = 'offset';
-
 $forgot_form->runAtServer();
 ?>
 <?php echoUOJPageHeader('找回密码') ?>