On Dec 15, 8:59 am, Sergiy Kuzmenko <[email protected]> wrote: > I wonder if there is a particular reason why last_login field of is not > defined as "null=True"? It makes sense to me to have it as null which would > mean that the user never logged in. Could there be any dependencies relying > on this field not being null?
I came across one today: contrib.auth.tokens.PasswordResetTokenGenerator has a method _make_token_with_timestamp, which uses last_login to create the token. This means that if someone generates a password reset request, the token will be invalidated if that user then logs in. This could occur if a person creates password reset requests for a user that is not themself. Matt. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
