diff --git a/doc/todo.md b/doc/todo.md
index 43d4cc8..c8ed0a1 100644
--- a/doc/todo.md
+++ b/doc/todo.md
@@ -21,3 +21,4 @@
 * Make hotkey configuration a little more tolerant of slight mistiming
 * Distinguish between request that was denied and request that was canceled (e.g. due to error)
 * Use atomic types for primitive state values instead of RwLock'd types
+* Rework approval flow to be a fullscreen overlay instead of mixing with normal navigation (as more views are added the pain of the current situation will only increase)
diff --git a/package.json b/package.json
index 63d41ab..8c8de8f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "creddy",
-  "version": "0.4.6",
+  "version": "0.4.7",
   "scripts": {
     "dev": "vite",
     "build": "vite build",
diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml
index bcfdd75..34dfeae 100644
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "creddy"
-version = "0.4.6"
+version = "0.4.7"
 description = "A friendly AWS credentials manager"
 authors = ["Joseph Montanaro"]
 license = ""
diff --git a/src-tauri/src/errors.rs b/src-tauri/src/errors.rs
index 3621887..ed5102b 100644
--- a/src-tauri/src/errors.rs
+++ b/src-tauri/src/errors.rs
@@ -223,7 +223,7 @@ pub enum GetSessionError {
     EmptyResponse, // SDK returned successfully but credentials are None
     #[error("Error response from AWS SDK: {0}")]
     SdkError(#[from] AwsSdkError<GetSessionTokenError>),
-    #[error("Could not construt session: credentials are locked")]
+    #[error("Could not construct session: credentials are locked")]
     CredentialsLocked,
     #[error("Could not construct session: no credentials are known")]
     CredentialsEmpty,
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
index 0b64028..9b004c2 100644
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -8,7 +8,7 @@
   },
   "package": {
     "productName": "creddy",
-    "version": "0.4.6"
+    "version": "0.4.7"
   },
   "tauri": {
     "allowlist": {
diff --git a/src/App.svelte b/src/App.svelte
index d499700..ffb22b7 100644
--- a/src/App.svelte
+++ b/src/App.svelte
@@ -22,7 +22,7 @@ listen('credentials-request', (tauriEvent) => {
 listen('request-cancelled', (tauriEvent) => {
     const id = tauriEvent.payload;
     if (id === $appState.currentRequest?.id) {
-        cleanupRequest()
+        cleanupRequest();
     }
     else {
         const found = $appState.pendingRequests.find_remove(r => r.id === id);
diff --git a/src/views/Approve.svelte b/src/views/Approve.svelte
index a8959f1..bab1906 100644
--- a/src/views/Approve.svelte
+++ b/src/views/Approve.svelte
@@ -43,13 +43,6 @@
         }
     }
 
-    function approve_base() {
-        approve(true);
-    }
-    function approve_session() {
-        approve(false);
-    }
-
     // Denial has only one
     async function deny() {
         $appState.currentRequest.response = {approval: 'Denied', base: false};
diff --git a/src/views/Unlock.svelte b/src/views/Unlock.svelte
index bbd2aec..e31047a 100644
--- a/src/views/Unlock.svelte
+++ b/src/views/Unlock.svelte
@@ -55,7 +55,14 @@
 
     function cancel() {
         emit('credentials-event', 'unlock-canceled');
-        navigate('Home');
+        if ($appState.currentRequest !== null) {
+            // dirty hack to prevent spurious error when returning to approve screen
+            delete $appState.currentRequest.response;
+            navigate('Approve');
+        }
+        else {
+            navigate('Home');
+        }
     }
 
     onMount(() => {