On Dec 15, 8:59 am, Sergiy Kuzmenko <s.kuzme...@gmail.com> wrote:
> I wonder if there is a particular reason why last_login field of  is not
> defined as "null=True"? It makes sense to me to have it as null which would
> mean that the user never logged in. Could there be any dependencies relying
> on this field not being null?

I came across one today: contrib.auth.tokens.PasswordResetTokenGenerator
has a method _make_token_with_timestamp, which uses last_login to create
the token. This means that if someone generates a password reset request,
the token will be invalidated if that user then logs in. This could occur
if a person creates password reset requests for a user that is not
themself.

Matt.
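
The dependency described in the reply above, as an added example that is not part of the original message and is not Django's code: a reset token whose MAC covers last_login stops validating once the account owner logs in. The User class, SECRET, the SHA-256 MAC, the three-day lifetime and the choice to serialize a null last_login as an empty string are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

SECRET = b"constructed-demo-secret"  # constructed stand-in for a site secret


@dataclass
class User:  # hypothetical stand-in for a user record, not Django's model
    pk: int
    password_hash: str
    last_login: Optional[datetime]  # None models "never logged in"


def _state(user: User) -> str:
    # Assumption: a null last_login is serialized as "" so that a user who
    # never logged in still contributes a stable value to the MAC input.
    login = "" if user.last_login is None else user.last_login.isoformat()
    return f"{user.pk}|{user.password_hash}|{login}"


def make_token(user: User, timestamp: int) -> str:
    msg = f"{_state(user)}|{timestamp}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]
    return f"{timestamp}-{digest}"


def check_token(user: User, token: str, now: int, max_age: int = 3 * 86400) -> bool:
    ts_text, sep, _ = token.partition("-")
    if not sep or not ts_text.isdecimal():
        return False
    timestamp = int(ts_text)
    # Recompute from the user's current state: a changed last_login or
    # password hash yields a different MAC, so the old token no longer matches.
    expected = make_token(user, timestamp)
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    return 0 <= now - timestamp <= max_age


def demo() -> dict:
    user = User(pk=7, password_hash="constructed$hash", last_login=None)
    token = make_token(user, timestamp=1000)  # reset requested
    before = check_token(user, token, now=1500)
    user.last_login = datetime(2010, 12, 15, 9, 30)  # owner logs in afterwards
    after = check_token(user, token, now=1600)
    return {"before_login": before, "after_login": after}
```

Calling demo() returns the validation result before and after the login.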
