diff --git a/ihatemoney/web.py b/ihatemoney/web.py
index 47df3f49..5af15e08 100644
--- a/ihatemoney/web.py
+++ b/ihatemoney/web.py
@@ -206,10 +206,13 @@ def authenticate(project_id=None):
 # Try to get project_id from token first
 token = request.args.get("token")
 if token:
- project_id = Project.verify_token(
+ verified_project_id = Project.verify_token(
 token, token_type="auth", project_id=project_id
 )
- token_auth = True
+ if verified_project_id == project_id:
+ token_auth = True
+ else:
+ project_id = None
 else:
 token_auth = False
 if project_id is None:
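Review bot: The new comparison `if verified_project_id == project_id:` also succeeds when both sides are None, so a rejected token combined with a missing project id would set `token_auth = True`. This assumes `Project.verify_token` returns None on failure; its body is not in this hunk. The request is then stopped only by the separate `if project_id is None:` check that follows, so the token path does not fail closed on its own. I would make the condition explicit with `if verified_project_id is not None and verified_project_id == project_id:`. The mismatch branch also leaves `token_auth` unassigned, so adding `token_auth = False` next to `project_id = None` keeps a later read from raising if the early return is ever moved. `authenticate` starts and continues outside the hunk, so whether `token_auth` is initialised earlier cannot be confirmed from here.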