diff --git a/bpf/kmesh/workload/include/xdp.h b/bpf/kmesh/workload/include/xdp.h
index 7cc1eae5b..b864f20fd 100644
--- a/bpf/kmesh/workload/include/xdp.h
+++ b/bpf/kmesh/workload/include/xdp.h
@@ -10,8 +10,6 @@
 #define PARSER_FAILED 1
 #define PARSER_SUCC 0
-#define AUTH_BY_XDP 1
-
 struct xdp_info {
 struct ethhdr *ethh;
 union {
diff --git a/bpf/kmesh/workload/xdp.c b/bpf/kmesh/workload/xdp.c
index 97a8ae120..71f4e5c08 100644
--- a/bpf/kmesh/workload/xdp.c
+++ b/bpf/kmesh/workload/xdp.c
@@ -186,7 +186,6 @@ int xdp_shutdown(struct xdp_md *ctx)
 // never failed
 parser_tuple(&info, &tuple_info);
-#ifdef AUTH_BY_XDP
 // Before the authentication types supported by eBPF XDP are fully implemented,
 // this section only processes AUTH_DENY. If get AUTH_ALLOW,
 // it will still depend on the user-space authentication process to match other rule types.
@@ -194,7 +193,6 @@ int xdp_shutdown(struct xdp_md *ctx)
 return xdp_deny_packet(&info, &tuple_info);
 }
-#endif
 if (should_shutdown(&info, &tuple_info) == AUTH_FORBID)
 shutdown_tuple(&info);
diff --git a/pkg/controller/workload/workload_processor.go b/pkg/controller/workload/workload_processor.go
index 689e022ac..3ef24d71f 100644
--- a/pkg/controller/workload/workload_processor.go
+++ b/pkg/controller/workload/workload_processor.go
@@ -107,7 +107,6 @@ func (p *Processor) processWorkloadResponse(rsp *service_discovery_v3.DeltaDisco
 if err != nil {
 log.Error(err)
 }
- kmeshbpf.SetStartType(kmeshbpf.Normal)
 }
 func (p *Processor) deletePodFrontendData(uid uint32) error {
@@ -673,7 +672,9 @@ func (p *Processor) handleAuthorizationTypeResponse(rsp *service_discovery_v3.De
 log.Debugf("remove authorization policy %s", resourceName)
 }
- p.handleRemovedAuthzPolicyDuringRestart(rbac)
+ p.once.Do(func() {
+ p.handleRemovedAuthzPolicyDuringRestart(rbac)
+ })
 return nil
 }
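Review bot: Removing `kmeshbpf.SetStartType(kmeshbpf.Normal)` leaves nothing in this diff that ever moves the start type off Restart once the process is up, so any other reader of `kmeshbpf.GetStartType()` will observe Restart for the whole process lifetime; the only reader visible here, in handleRemovedAuthzPolicyDuringRestart, is itself dropped in the hunk at -685, but other callers are not visible from this diff and should be checked. If none remain, the start-type state becomes write-only and could be retired together with this call rather than left half-used. processWorkloadResponse begins before this hunk.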
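Review bot: `p.once.Do` runs the reconciliation exactly once per Processor, on whichever authorization response happens to arrive first and regardless of start type (the Restart gate it replaces is dropped in the hunk at -685). If that first delta response can carry only part of the policy set, handleRemovedAuthzPolicyDuringRestart would delete bpf map entries for policies that only arrive in a later response, leaving a window in which a still-valid policy — a deny rule included — is absent from the map until it is re-added; if the first response is always a complete snapshot, say so where the next reader will look, e.g. `// First authz response is a full snapshot: reconcile the bpf map against it exactly once.` The `once` field is not declared in this diff, so it is presumably a `sync.Once` added elsewhere; it has to live on the Processor that the pointer receiver already uses so it is never copied. handleAuthorizationTypeResponse begins before this hunk.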
@@ -685,10 +686,6 @@ func (p *Processor) handleRemovedAuthzPolicyDuringRestart(rbac *auth.Rbac) {
 policyValue = security_v2.Authorization{}
 )
- if kmeshbpf.GetStartType() != kmeshbpf.Restart {
- return
- }
-
 log.Infof("reload authz config from last epoch")
 /* We traverse hashName, if there is a record exists in bpf map
 * but not in usercache, that means the data in the bpf map load
@@ -698,7 +695,6 @@ func (p *Processor) handleRemovedAuthzPolicyDuringRestart(rbac *auth.Rbac) {
 policyCache := rbac.GetAllPolicies()
 for str, num := range p.hashName.strToNum {
 if _, exists := policyCache[str]; !exists {
- log.Debugf("policyCache[%v] not exists", str)
 if err := maps_v2.AuthorizationLookup(num, &policyValue); err == nil {
 log.Debugf("Find policy: [%v:%v] Remove authz policy", str, num)
 if err := maps_v2.AuthorizationDelete(num); err != nil {
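Review bot: With the `GetStartType() != Restart` guard removed, this function now runs on clean starts as well, but its name and the retained `log.Infof("reload authz config from last epoch")` still describe a restart-only path, so the message will appear on every fresh start and mislead whoever correlates it with a restart. Either rename it (e.g. `reconcileStaleAuthzPolicies`) or neutralise the message, `log.Infof("reconcile bpf authz policies against received policy cache")`. Separately, the deletion of an authz entry in the hunk at -698 is traced only at Debug level (`log.Debugf("Find policy: [%v:%v] Remove authz policy", str, num)`); that is pre-existing, but removing an authorization policy from the data path is a security-relevant action and arguably merits Info level alongside the header message. The function body continues past this hunk.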