diff --git a/www/api/announcements.go b/www/api/announcements.go
index b796829..4200ee6 100644
--- a/www/api/announcements.go
+++ b/www/api/announcements.go
@@ -160,7 +160,7 @@ func CreateAnnouncement(w http.ResponseWriter, r *http.Request) {
 }
 defer file.Close()
- dst, err := os.Create(fmt.Sprintf("%s/%s", uploadDir, fileHeader.Filename))
+ dst, err := SafeCreate(uploadDir, fileHeader.Filename)
 if err != nil {
 WriteJSON(w, http.StatusInternalServerError, map[string]any{"error": "Failed to create file on disk"})
 return
diff --git a/www/api/authentication.go b/www/api/authentication.go
index 29f96ad..fd93024 100644
--- a/www/api/authentication.go
+++ b/www/api/authentication.go
@@ -168,6 +168,15 @@ func Authenticate(w http.ResponseWriter, r *http.Request) (string, []string) {
 if err != nil {
 slog.Error(err.Error())
+ http.SetCookie(w, &http.Cookie{
+ Name: COOKIENAME,
+ Value: "",
+ MaxAge: -1,
+ HttpOnly: true,
+ Secure: cookieSecure(),
+ SameSite: http.SameSiteLaxMode,
+ Path: "/",
+ })
 return "", nil
 }
diff --git a/www/api/injects.go b/www/api/injects.go
index 3e3397e..b5eaf70 100644
--- a/www/api/injects.go
+++ b/www/api/injects.go
@@ -193,7 +193,7 @@ func CreateInject(w http.ResponseWriter, r *http.Request) {
 }
 defer file.Close()
- dst, err := os.Create(fmt.Sprintf("%s/%s", uploadDir, fileHeader.Filename))
+ dst, err := SafeCreate(uploadDir, fileHeader.Filename)
 if err != nil {
 WriteJSON(w, http.StatusInternalServerError, map[string]any{"error": "Failed to create file on disk"})
 return
@@ -324,7 +324,7 @@ func UpdateInject(w http.ResponseWriter, r *http.Request) {
 }
 defer file.Close()
- dst, err := os.Create(fmt.Sprintf("%s/%s", uploadDir, fileHeader.Filename))
+ dst, err := SafeCreate(uploadDir, fileHeader.Filename)
 if err != nil {
 WriteJSON(w, http.StatusInternalServerError, map[string]any{"error": "Failed to create file on disk"})
 return
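Review bot: The error branch after `SafeCreate(uploadDir, fileHeader.Filename)` in CreateAnnouncement still answers every failure with a 500 and logs nothing, so a filename rejected for escaping `uploadDir` looks the same as a full disk and leaves no trace in the logs. SafeCreate's body is not part of this diff, so the containment check itself cannot be confirmed from here. Assuming it returns a distinguishable error for a rejected name, the handler should map that case to `http.StatusBadRequest` and record it, e.g. `slog.Warn("upload filename rejected", "filename", fileHeader.Filename, "err", err)`. The same applies to the CreateInject and UpdateInject hunks in www/api/injects.go. All three handlers start and end outside their hunks.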
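Review bot: The expiry cookie added in the `if err != nil` branch of Authenticate only removes the browser's copy if its Name, Path and Domain match the cookie that was originally set, and that set site is outside this hunk, so the two can drift apart silently. Moving the literal into a new helper shared with the code that sets the cookie, called here as for example `clearSessionCookie(w)`, would keep the attributes in one place. A short comment such as `// Expire the client's cookie so a rejected token is not re-sent on every request.` would also record why a failed authentication writes a response header. Whether every `err` reaching this branch means a bad token rather than a transient backend failure is not visible here and is worth confirming, since the user is signed out either way.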