diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0b8709c..d939304 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # Matemat Changelog
+
+## Version 0.4.1
+
+Security Fix & minor UI fixes
+
+### Changes
+
+
+- fix: session id shared between all sessions
+- fix: minor css fixes
+
+
+
+
 ## Version 0.4.0
diff --git a/matemat/__init__.py b/matemat/__init__.py
index 652a8f4..489c7e1 100644
--- a/matemat/__init__.py
+++ b/matemat/__init__.py
@@ -1,2 +1,2 @@
-__version__ = '0.4.0'
+__version__ = '0.4.1'
diff --git a/matemat/webserver/session/sessions.py b/matemat/webserver/session/sessions.py
index 0837055..103fff7 100644
--- a/matemat/webserver/session/sessions.py
+++ b/matemat/webserver/session/sessions.py
@@ -20,9 +20,9 @@ def start() -> str:
 :return: The session ID.
 """
- if hasattr(response, 'session_id'):
+ if 'session_id' in request.environ:
 # A session has already been created while handling the same request
- return response.session_id
+ return request.environ['session_id']
 # Reference date for session timeout
 now = datetime.now(UTC)
 # Read the client's session ID, if any
@@ -46,9 +46,9 @@ def start() -> str:
 (now + timedelta(seconds=_SESSION_TIMEOUT), __session_vars[session_id][1])
 # Return the session ID and timeout
 response.set_cookie(_COOKIE_NAME, session_id, secret=__key)
- # Piggy-back the session id onto the response object so that we don't create another session
+ # Piggy-back the session id onto the request object so that we don't create another session
 # in subsequent calls to start() while handling the same request.
- response.session_id = session_id
+ request.environ['session_id'] = session_id
 return session_id
diff --git a/static/css/matemat.css b/static/css/matemat.css
index 706bd26..235b1f0 100644
--- a/static/css/matemat.css
+++ b/static/css/matemat.css
@@ -233,3 +233,9 @@ .card-img-overlay span {
 padding: .5em;
 }
+
+.card-header {
+ overflow: hidden;
+ white-space: nowrap;
+ text-overflow: ellipsis;
+}
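Review bot: In `matemat/webserver/session/sessions.py`, both hunks of `start()` keep the per-request cache under the bare key `'session_id'` in `request.environ`, which is presumably the WSGI environ that the server and any middleware also populate, so a value placed under that key by anything else would be returned as the session ID and the rest of `start()` would be skipped. A key prefixed with the application name keeps the entry private to this module: `if 'matemat.session_id' in request.environ:` for the guard, `return request.environ['matemat.session_id']` for the early return, and `request.environ['matemat.session_id'] = session_id` for the store. The visible diff adds no regression test for this fix; a test that calls `start()` for two requests without a cookie and asserts that the returned IDs differ would pin the behaviour the changelog entry describes. `start()` begins and ends outside both hunks, so the cookie handling between them is not visible here.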
diff --git a/templates/productlist.html b/templates/productlist.html
index a02e4ef..be6271b 100644
--- a/templates/productlist.html
+++ b/templates/productlist.html
@@ -8,10 +8,10 @@

Your balance: {{ authuser.balance|chf }}

-

+

Deposit CHF 1 Deposit CHF 10 -

+