diff --git a/kernel/model/session.go b/kernel/model/session.go
index 9facca9d5..ef3bc103a 100644
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -92,6 +92,13 @@ func LoginAuth(c *gin.Context) {
 			ret.Code = 1
 			ret.Msg = Conf.Language(22)
 			logging.LogWarnf("invalid captcha")
+
+			workspaceSession.Captcha = gulu.Rand.String(7) // https://github.com/siyuan-note/siyuan/issues/13147
+			if err := session.Save(c); err != nil {
+				logging.LogErrorf("save session failed: " + err.Error())
+				c.Status(http.StatusInternalServerError)
+				return
+			}
 			return
 		}
 	}
diff --git a/kernel/server/serve.go b/kernel/server/serve.go
index dea0ed7fc..8de6fc91a 100644
--- a/kernel/server/serve.go
+++ b/kernel/server/serve.go
@@ -36,7 +36,7 @@ import (
 	"github.com/emersion/go-webdav/carddav"
 	"github.com/gin-contrib/gzip"
 	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/memstore"
+	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"github.com/mssola/useragent"
 	"github.com/olahol/melody"
@@ -61,8 +61,7 @@ const (
 )
 
 var (
-	// 这里用的是内存存储，意味着重启后所有 session 会丢失，需要重新登录
-	sessionStore = memstore.NewStore([]byte("ATN51UlxVq1Gcvdf"))
+	sessionStore = cookie.NewStore([]byte("ATN51UlxVq1Gcvdf"))
 
 	HttpMethods = []string{
 		http.MethodGet,