diff --git a/src/session/composer.json b/src/session/composer.json
index ae803c85..df0abb51 100644
--- a/src/session/composer.json
+++ b/src/session/composer.json
@@ -16,12 +16,8 @@
     },
     "require": {
         "php": "^8.0",
+        "max/http-message": "dev-master",
         "max/utils": "dev-master",
         "max/redis": "dev-master"
-    },
-    "extra": {
-        "max": {
-            "config": "Max\\Session\\ConfigProvider"
-        }
     }
 }
diff --git a/src/session/src/ConfigProvider.php b/src/session/src/ConfigProvider.php
deleted file mode 100644
index 4221b720..00000000
--- a/src/session/src/ConfigProvider.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * This file is part of MaxPHP.
- *
- * @link     https://github.com/marxphp
- * @license  https://github.com/marxphp/max/blob/master/LICENSE
- */
-
-namespace Max\Session;
-
-class ConfigProvider
-{
-    public function __invoke(): array
-    {
-        return [
-            'publish' => [
-                [
-                    'name'        => 'session',
-                    'source'      => __DIR__ . '/../publish/session.php',
-                    'destination' => dirname(__DIR__, 4) . '/config/session.php',
-                ],
-            ],
-        ];
-    }
-}
diff --git a/src/session/src/Session.php b/src/session/src/Session.php
index d7aadb56..d815b23a 100644
--- a/src/session/src/Session.php
+++ b/src/session/src/Session.php
@@ -17,6 +17,7 @@
 use SessionHandlerInterface;
 
 use function ctype_alnum;
+use function session_create_id;
 
 class Session
 {
@@ -48,7 +49,7 @@ public function start(?string $id = null): void
         if ($this->isStarted()) {
             throw new SessionException('Cannot restart session.');
         }
-        $this->id = ($id && $this->isValidId($id)) ? $id : \session_create_id();
+        $this->id = ($id && $this->isValidId($id)) ? $id : session_create_id();
         if ($data = $this->sessionHandler->read($this->id)) {
             $this->data = (array) (@\unserialize($data) ?: []);
         }
@@ -68,7 +69,7 @@ public function save(): void
      */
     public function regenerateId(): void
     {
-        $this->id = \session_create_id();
+        $this->id = session_create_id();
     }
 
     /**
diff --git a/src/session/src/SessionManager.php b/src/session/src/SessionManager.php
deleted file mode 100644
index 9f9d38f2..00000000
--- a/src/session/src/SessionManager.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * This file is part of MaxPHP.
- *
- * @link     https://github.com/marxphp
- * @license  https://github.com/marxphp/max/blob/master/LICENSE
- */
-
-namespace Max\Session;
-
-class SessionManager
-{
-    /**
-     * Session handlers.
-     */
-    protected array $handlers = [];
-
-    public function __construct(
-        protected array $config = []
-    ) {
-    }
-
-    /**
-     * Create a new session.
-     */
-    public function create(?string $name = null): Session
-    {
-        $name ??= $this->config['default'];
-        if (! isset($this->handlers[$name])) {
-            $config                = $this->config['stores'][$name];
-            $handler               = $config['handler'];
-            $options               = $config['options'];
-            $this->handlers[$name] = new $handler($options);
-        }
-
-        return new Session($this->handlers[$name]);
-    }
-}
diff --git a/src/session/src/SessionMiddleware.php b/src/session/src/SessionMiddleware.php
new file mode 100644
index 00000000..9869b15d
--- /dev/null
+++ b/src/session/src/SessionMiddleware.php
@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of MaxPHP.
+ *
+ * @link     https://github.com/marxphp
+ * @license  https://github.com/marxphp/max/blob/master/LICENSE
+ */
+
+namespace Max\Session;
+
+use Max\Config\Contracts\ConfigInterface;
+use Max\Http\Message\Cookie;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use SessionHandlerInterface;
+
+class SessionMiddleware implements MiddlewareInterface
+{
+    /**
+     * Cookie 过期时间【+9小时，实际1小时后过期，和时区有关】.
+     */
+    protected int $expires = 9 * 3600;
+
+    protected string $name = 'MAXPHP_SESSION_ID';
+
+    protected bool $httponly = true;
+
+    protected string $path = '/';
+
+    protected string $domain = '';
+
+    protected bool $secure = true;
+
+    /**
+     * @var mixed|SessionHandlerInterface
+     */
+    protected SessionHandlerInterface $handler;
+
+    public function __construct(ConfigInterface $config)
+    {
+        $config        = $config->get('session');
+        $name          = $config['default'];
+        $config        = $config['stores'][$name];
+        $handler       = $config['handler'];
+        $options       = $config['options'];
+        $this->handler = new $handler($options);
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $session = new Session($this->handler);
+        $session->start($request->getCookieParams()[strtoupper($this->name)] ?? null);
+        $request  = $request->withAttribute('Max\Session\Session', $session);
+        $response = $handler->handle($request);
+        $session->save();
+        $session->close();
+        $cookie = new Cookie($this->name, $session->getId(), time() + $this->expires, $this->path, $this->domain, $this->secure, $this->httponly);
+
+        return $response->withAddedHeader('Set-Cookie', $cookie->__toString());
+    }
+}