diff --git a/backend/globaleaks/utils/token.py b/backend/globaleaks/utils/token.py
index db9eb032ad..869379e525 100644
--- a/backend/globaleaks/utils/token.py
+++ b/backend/globaleaks/utils/token.py
@@ -21,11 +21,9 @@ def serialize(self):
 'complexity': 4
 }
- def validate(self, token_answer):
+ def validate(self, answer):
 try:
- key, answer = token_answer.split(b":")
-
- if not sha256(key + answer).endswith(b'00'):
+ if not sha256(self.id + answer).endswith(b'00'):
 raise errors.InternalServerError("TokenFailure: Invalid Token")
 except:
 raise errors.InternalServerError("TokenFailure: Invalid token")
@@ -49,11 +47,11 @@ def get(self, key):
 return ret
- def validate(self, token_answer):
+ def validate(self, answer):
 try:
- key, answer = token_answer.split(b":")
+ key, answer = answer.split(b":")
 token = self.pop(key)
- token.validate(token_answer)
+ token.validate(answer)
 except:
 raise errors.InternalServerError("TokenFailure: Invalid token")
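Review bot: The bare `except:` kept around the new `sha256(self.id + answer)` check in `Token.validate` also catches the `InternalServerError` raised on the line above it, any `TypeError` from the concatenation, and even `KeyboardInterrupt`/`SystemExit`, so a wrong answer and a server-side fault end up as the same "Invalid token" error. Now that the parsing has moved out of this method, the check could stand without the try block, or the handler could at least be narrowed to `except Exception:`; whether other callers rely on the catch-all is not visible from the hunk. The same bare `except:` remains in `TokenList.validate` in the second hunk, where `except (ValueError, KeyError):` would presumably cover a malformed submission and an unknown token id. Logging the underlying exception before re-raising would let operators tell failed proof-of-work attempts from genuine errors.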
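Review bot: In `TokenList.validate` the parameter `answer` is rebound by `key, answer = answer.split(b":")`, so the same name means the full submitted value before that line and only the answer part after it. A distinct local such as `key, solution = answer.split(b":")` followed by `token.validate(solution)` would keep the two apart. A docstring would also help, stating that the input is `b"<token id>:<answer>"` and that, assuming `self.pop` removes the entry, the token is consumed before it is checked, so a wrong answer still spends it. The end of the method is not visible in the hunk.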