diff --git a/src/Services/AuthService.php b/src/Services/AuthService.php
index 12aa0e3b..4d396c81 100644
--- a/src/Services/AuthService.php
+++ b/src/Services/AuthService.php
@@ -69,6 +69,9 @@ class AuthService
 if (!$loginToken)
 throw new \Exception('Invalid login token.');
+ if ($loginToken->purpose != \Szurubooru\Entities\Token::PURPOSE_LOGIN)
+ throw new \Exception('This token is not a login token.');
+
 $this->loginToken = $loginToken;
 $this->loggedInUser = $this->userDao->getById($loginToken->additionalData);
 if (!$this->loggedInUser)
diff --git a/tests/Services/AuthServiceTest.php b/tests/Services/AuthServiceTest.php
index 796a0130..9f1583c6 100644
--- a/tests/Services/AuthServiceTest.php
+++ b/tests/Services/AuthServiceTest.php
@@ -80,6 +80,7 @@ class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
 $testToken = new \Szurubooru\Entities\Token();
 $testToken->name = 'dummy_token';
 $testToken->additionalData = $testUser->id;
+ $testToken->purpose = \Szurubooru\Entities\Token::PURPOSE_LOGIN;
 $this->tokenDaoMock->expects($this->once())->method('getByName')->willReturn($testToken);
 $authService = $this->getAuthService();
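Review bot: The added purpose check in AuthService uses the loose `!=`, so PHP type juggling decides whether a token is accepted as a login token. The value of `Token::PURPOSE_LOGIN` is not visible here, but if it is `0` or another empty-like value, a token whose `purpose` is null or was never set would compare equal and pass the check. Prefer `if ($loginToken->purpose !== \Szurubooru\Entities\Token::PURPOSE_LOGIN)`, casting the stored value to the constant's type first if the DAO returns it as a string. Separately, the distinct message 'This token is not a login token.' tells the caller that the name matched a real token issued for another purpose; reusing 'Invalid login token.' would remove that signal. The enclosing method starts and ends outside the hunk.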
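Review bot: No test visible in this hunk covers the rejection path the commit introduces; the only change sets `purpose` to `PURPOSE_LOGIN` so that the existing valid-token case keeps passing. Add a companion case in which the mocked `getByName` returns a token with a non-login purpose, and one where `purpose` is left unset, each asserting that the login call throws and that no user ends up logged in. Without it, a later refactor that drops or weakens the purpose check would go unnoticed. The test method starts and ends outside the hunk, so an existing negative case elsewhere in the file cannot be ruled out from here.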