tornado登陆跳转问题 用ajax提交post请求

用ajax提交post请求后通过验证服务器返回跳转地址，然后又莫名出现了get请求跳回login页面。服务器log如下：

 [I 170208 15:58:10 web:1971] 200 GET /login (::1) 2.00ms
test1 123456
[I 170208 15:58:19 web:1971] 302 POST /login (::1) 3.00ms
[I 170208 15:58:19 web:1971] 304 GET / (::1) 2.00ms
[I 170208 15:58:19 web:1971] 200 GET /login?_xsrf=2%7Ceaa8943a%7C09432d5ffa3cd4bc80fe8232a2f5e89e%7C1486526704 (::1) 2.00ms

很好奇?_xsrf=27C09432d5ffa3cd4bc80fe8232a2f5e89e%7C148如何添加进去的

index.py

 #!/usr/bin/env Python
# coding=utf-8

import tornado.escape
import methods.db as mrd
from handlers.base import BaseHandler

class LoginHandler(BaseHandler):
    def get(self):
        self.render('login.html')

    def post(self):
        username = self.get_argument("username")
        password = self.get_argument("password")
        print(username,password)
        user_infos = mrd.select_table(table="users",column="*",condition="username",value=username)
        if user_infos:
            db_pwd = user_infos[0][2]
            if db_pwd == password:
                self.set_current_user(username)
                self.redirect("/")
            else:
                self.write("2")
        else:
            self.write("1")

    def set_current_user(self, user):
        print(user)
        if user:
            self.set_secure_cookie('user', tornado.escape.json_encode(user))#注意这里使用了 tornado.escape.json_encode() 方法
            #print(tornado.escape.json_decode(self.current_user))
        else:
            self.clear_cookie("user")


class WelcomeHandler(BaseHandler):
    @tornado.web.authenticated
    def get(self):
        username = tornado.escape.json_decode(self.current_user)
        self.render('index.html', user=username)
        print(username)

login.html

 <!DOCTYPE html>
<html lang="zh-cn">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="{{static_url("css/bootstrap.min.css")}}" />
    <style>
        body{
            padding: 70px 0;
        }
        .pos_m{
            margin-top: 10%;
            margin-bottom: 10%;
        }
    </style>
  </head>
  <body>
    <div class="container pos_m">
        <div class="row justify-content-center">
            <div class="col-lg-3 col-md-5 col-sm-8 ">
                <form class="form-signin">
                    {% module xsrf_form_html() %}
                    <h2 class="form-signin-heading">Please sign in</h2>
                    <div class="form-group">
                        <label for="InputUserName" class="sr-only">username</label>
                        <input type="text" class="form-control form-control-danger" placeholder="Username" id="username">
                        <label for="InputPassword" class="sr-only">password</label>
                        <input type="password" class="form-control" placeholder="Password" id="password">
                    </div>
                    <div class="checkbox">
                        <label>
                          <input type="checkbox"> Remember me
                        </label>
                    </div>
                    <button type="submit" class="btn btn-primary btn-block" id="login">Submit</button>
                </form>
            </div>
        </div>
    </div>

  </body>
</html>

script.js

  function getCookie(name){
    var x = document.cookie.match("\\b" + name + "=([^;]*)\\b");
    return x ? x[1]:undefined;
}

$(document).ready(function(){
    $("#login").click(function(){
        var user = $("#username").val();
        var pwd = $("#password").val();
        var pd = {"username":user, "password":pwd, "_xsrf":getCookie("_xsrf")};
        $.ajax({
            type:"post",
            url:"/login",
            data:pd,
            cache:false,
            success:function(data){
                alert(data);
            }
        });
    });
});

菜鸟入门 求大神指教，调试一天了，实在不知道问题在哪里。