diff --git a/common/init.go b/common/init.go
index e04612d5..26dd6086 100644
--- a/common/init.go
+++ b/common/init.go
@@ -36,7 +36,11 @@ func init() {
 	// }
 
 	if os.Getenv("SESSION_SECRET") != "" {
-		SessionSecret = os.Getenv("SESSION_SECRET")
+		if os.Getenv("SESSION_SECRET") == "random_string" {
+			SysError("SESSION_SECRET is set to an example value, please change it to a random string.")
+		} else {
+			SessionSecret = os.Getenv("SESSION_SECRET")
+		}
 	}
 	if os.Getenv("SQLITE_PATH") != "" {
 		SQLitePath = os.Getenv("SQLITE_PATH")
diff --git a/controller/relay-text.go b/controller/relay-text.go
index 6ce0dd1d..29b55dae 100644
--- a/controller/relay-text.go
+++ b/controller/relay-text.go
@@ -58,6 +58,9 @@ func relayTextHelper(c *gin.Context, relayMode int) *OpenAIErrorWithStatusCode {
 	if err != nil {
 		return errorWrapper(err, "bind_request_body_failed", http.StatusBadRequest)
 	}
+	if textRequest.MaxTokens < 0 || textRequest.MaxTokens > math.MaxInt32/2 {
+		return errorWrapper(errors.New("max_tokens is invalid"), "invalid_max_tokens", http.StatusBadRequest)
+	}
 	if relayMode == RelayModeModerations && textRequest.Model == "" {
 		textRequest.Model = "text-moderation-latest"
 	}