diff --git a/ihatemoney/models.py b/ihatemoney/models.py
index 2a4cf3a4..0de2011a 100644
--- a/ihatemoney/models.py
+++ b/ihatemoney/models.py
@@ -378,7 +378,7 @@ class Project(db.Model):
 )
 loads_kwargs["max_age"] = max_age
 else:
- project = Project.query.get(project_id)
+ project = Project.query.get(project_id) if project_id is not None else None
 password = project.password if project is not None else ""
 serializer = URLSafeSerializer(
 current_app.config["SECRET_KEY"] + password, salt=token_type
diff --git a/ihatemoney/tests/budget_test.py b/ihatemoney/tests/budget_test.py
index 6c858124..c0d03d28 100644
--- a/ihatemoney/tests/budget_test.py
+++ b/ihatemoney/tests/budget_test.py
@@ -4,6 +4,8 @@ import json
 import re
 from time import sleep
 import unittest
+from unittest.mock import MagicMock
+from urllib.parse import urlparse, urlencode, parse_qs, urlunparse

 from flask import session
 from markupsafe import Markup
@@ -88,6 +90,13 @@ class BudgetTestCase(IhatemoneyTestCase):
 )
 # Test empty and invalid tokens
 self.client.get("/exit")
+ # Use another project_id
+ parsed_url = urlparse(url)
+ query = parse_qs(parsed_url.query)
+ query['project_id'] = 'invalid'
+ resp = self.client.get(urlunparse(parsed_url._replace(query=urlencode(query, doseq=True))))
+ assert "You either provided a bad token" in resp.data.decode("utf-8")
+
 resp = self.client.get("/authenticate")
 self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
 resp = self.client.get("/authenticate?token=token")
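Review bot: The conditional expression on the `+` line guards the `project_id is None` case, but the line exceeds the file's black-style line length and the reason for the guard is not visible in the hunk; a plain guard reads more clearly: `project = None` / `if project_id is not None:` / `    project = Project.query.get(project_id)`. The fall-through on the following context line also deserves a comment: when no project matches, `password` becomes `""` and the serializer is keyed by `SECRET_KEY` alone, so presumably a token bound to a real project's password then fails to verify — e.g. `# unknown project: key on SECRET_KEY only, so project-bound tokens fail verification`. The enclosing method of `Project` starts and ends outside the hunk.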
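Review bot: `MagicMock` is imported on the first `+` line of the import hunk, but nothing else in this diff uses it; unless it is used elsewhere in the file, the import should be dropped. The second `+` line lists the `urllib.parse` names out of alphabetical order; `from urllib.parse import parse_qs, urlencode, urlparse, urlunparse` matches the sorted-import style.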
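Review bot: The new assertion uses a bare `assert` while the surrounding test body uses `self.assertIn`, and `query['project_id'] = 'invalid'` uses single quotes where the file uses double quotes; `self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))` keeps the added lines consistent with the context line that follows. The request line that rebuilds the URL is long enough to exceed the file's formatting; binding the rebuilt URL first, e.g. `bad_url = urlunparse(parsed_url._replace(query=urlencode(query, doseq=True)))`, keeps it readable. This case sends a nonexistent `project_id`, whereas the models.py change guards the case where `project_id` is `None`; if that value comes from the query string, a request with the parameter removed would exercise the new guard directly. The enclosing test method starts and ends outside the hunk.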