diff --git a/lib/constants.ts b/lib/constants.ts
index 425d729f..7eef10b1 100644
--- a/lib/constants.ts
+++ b/lib/constants.ts
@@ -147,6 +147,8 @@ export const EVENT_COLORS = [
 export const DOMAIN_REGEX = /^(localhost(:[1-9]\d{0,4})?|((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63})$/;
+export const SHARE_ID_REGEX = /^[a-zA-Z0-9]{16}$/;
+
 export const DESKTOP_SCREEN_WIDTH = 1920;
 export const LAPTOP_SCREEN_WIDTH = 1024;
 export const MOBILE_SCREEN_WIDTH = 479;
diff --git a/lib/session.ts b/lib/session.ts
index 32f3bdc8..1fedb91b 100644
--- a/lib/session.ts
+++ b/lib/session.ts
@@ -63,6 +63,7 @@ export async function findSession(req: NextApiRequestCollect) {
 subdivision1,
 subdivision2,
 city,
+ ownerId: website.userId,
 };
 }
diff --git a/pages/api/websites/[id]/index.ts b/pages/api/websites/[id]/index.ts
index 3f660a91..1d7e4ac3 100644
--- a/pages/api/websites/[id]/index.ts
+++ b/pages/api/websites/[id]/index.ts
@@ -4,6 +4,7 @@ import { Website, NextApiRequestQueryBody } from 'lib/types';
 import { canViewWebsite, canUpdateWebsite, canDeleteWebsite } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import { deleteWebsite, getWebsite, updateWebsite } from 'queries';
+import { SHARE_ID_REGEX } from 'lib/constants';
 export interface WebsiteRequestQuery {
 id: string;
@@ -43,6 +44,10 @@ export default async (
 let website;
+ if (shareId && !shareId.match(SHARE_ID_REGEX)) {
+ return serverError(res, 'Invalid share ID.');
+ }
+
 try {
 website = await updateWebsite(websiteId, { name, domain, shareId });
 } catch (e: any) {
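Review bot: `SHARE_ID_REGEX` is added without any note on what the 16-character alphanumeric shape corresponds to; presumably it mirrors the format in which share ids are generated elsewhere in the codebase, which this hunk does not show. Because the pattern is now used to reject user-supplied values, a change to the generator that is not mirrored here would silently break legitimate updates. A one-line comment above the constant would record that coupling: `// Shape of generated share ids (16 alphanumeric chars); keep in sync with the generator — used to validate user-supplied values.`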
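Review bot: The added `ownerId: website.userId` puts the website owner's internal user id onto the object that findSession returns; if that object is cached or ever echoed back to the tracker client (not visible in this hunk), an account identifier is disclosed to anonymous visitors. This is harmless if the field is consumed only server-side, which I cannot confirm from here — please check the consumers, and if the session object is serialised toward the client, strip `ownerId` at that boundary. findSession begins outside the hunk.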
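Review bot: The new guard calls `shareId.match(SHARE_ID_REGEX)`, but `shareId` presumably comes from the request body (it is destructured above the hunk and forwarded to `updateWebsite`) and is not guaranteed to be a string — a JSON array or object passes the truthiness test and `.match` then throws a TypeError, surfacing as an unhandled exception instead of a validation failure. Type-test the value and use the regex's own predicate: `if (shareId && (typeof shareId !== 'string' || !SHARE_ID_REGEX.test(shareId))) {`. Rejecting a malformed client value with `serverError` presumably yields a 5xx; a 400 (e.g. `return badRequest(res, 'Invalid share ID.');` if the response helpers already provide it) is the accurate status and keeps client mistakes out of server-error monitoring. The handler starts outside the hunk.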