diff --git a/app/controllers/wechats_controller.rb b/app/controllers/wechats_controller.rb
index 5be3c8bdf..ef5562bf0 100644
--- a/app/controllers/wechats_controller.rb
+++ b/app/controllers/wechats_controller.rb
@@ -159,7 +159,7 @@ class WechatsController < ActionController::Base
     uw = UserWechat.create!(attrs)
     news = (1..1).each_with_object([]) { |n, memo| memo << { title: '绑定登录', content: "您还未绑定确实的用户,请先绑定." } }
     request.reply.news(news) do |article, n, index| # article is return object
-      url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=#{Wechat.config.appid}&redirect_uri=#{login_wechat_url(uid: uw.id)}&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect"
+      url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=#{Wechat.config.appid}&redirect_uri=#{login_wechat_url}&response_type=code&scope=snsapi_base&state=#{uw.id}#wechat_redirect"
       article.item title: "#{n[:title]}",
                    description: n[:content],
                    pic_url: 'http://wechat.trustie.net/images/trustie_logo2.png',
@@ -169,12 +169,12 @@ class WechatsController < ActionController::Base
 
   def bind
     begin
-       raise "非法操作, 微信ID不存在" unless params[:openid]
+       raise "非法操作, 微信ID不存在" unless params[:state]
        user, last_login_on = User.try_to_login(params[:username], params[:password])
        raise "用户名或密码错误,请重新登录" unless user
        #补全用户信息
 
-       uw = UserWechat.find_by_id(params[:openid])
+       uw = UserWechat.find_by_id(params[:state])
        uw.user_id = user.id
        uw.save!
     rescue Exception=>e
diff --git a/app/views/wechats/login.html.erb b/app/views/wechats/login.html.erb
index e6a936f4e..f3fa64a56 100644
--- a/app/views/wechats/login.html.erb
+++ b/app/views/wechats/login.html.erb
@@ -5,12 +5,23 @@
   <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=0">
   <title>绑定用户</title>
   <link rel="stylesheet" href="/stylesheets/weui/weui.min.css"/>
+  <script type="text/javascript" charset="utf-8" src="/javascripts/jquery.min.js" />
+  <%= csrf_meta_tag %>
+  <%= javascript_tag "var AUTH_TOKEN = '#{form_authenticity_token}';" if protect_against_forgery? %>
 
   <script type="text/javascript">
-    function formSubmit()
-    {
-      document.getElementById("main_login_form").submit()
-    }
+    $(function(){
+      $("#submitForm").click(function(){
+        $.ajax({
+          type: "POST",
+          url: $(this).parent("form").attr("action") + "?&authenticity_token=" + AUTH_TOKEN,
+          data:$(this).parent("form").serialize(),
+          dataType: "json"
+        });
+        return false;
+      })
+    });
+
   </script>
 </head>
 
@@ -41,7 +52,7 @@
       <input type="hidden" value="<%=@openid%>" name="openid">
 
         <div class="weui_btn_area">
-          <a class="weui_btn weui_btn_primary" href="javascript:formSubmit();" id="showTooltips">确定</a>
+          <a class="weui_btn weui_btn_primary" id="submitForm">确定</a>
         </div>
 
       </div>