diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py
index fce50909f0..9dfe651fe6 100644
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@@ -87,7 +87,7 @@ def staff_member_required(view_func):
 # The user data is correct; log in the user in and continue.
 else:
- if user.is_staff:
+ if user.is_active and user.is_staff:
 login(request, user)
 # TODO: set last_login with an event.
 user.last_login = datetime.datetime.now()
diff --git a/docs/authentication.txt b/docs/authentication.txt
index 6d345adaec..a6ea2b7b02 100644
--- a/docs/authentication.txt
+++ b/docs/authentication.txt
@@ -66,8 +66,8 @@ Fields
 long and can contain any character. See the "Passwords" section below.
 * ``is_staff`` -- Boolean. Designates whether this user can access the
 admin site.
- * ``is_active`` -- Boolean. Designates whether this user can log into the
- Django admin. Set this to ``False`` instead of deleting accounts.
+ * ``is_active`` -- Boolean. Designates whether this account can be used
+ to log in. Set this flag to ``False`` instead of deleting accounts.
 * ``is_superuser`` -- Boolean. Designates that this user has all permissions
 without explicitly assigning them.
 * ``last_login`` -- A datetime of the user's last login. Is set to the
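Review bot: The new `user.is_active and user.is_staff` test guards only the credential-login branch of `staff_member_required`, so any earlier branch that admits an already-authenticated session should be checked for the same predicate; the function starts and ends outside this hunk, so that path is not visible here. If such a branch tests only `is_staff`, an account deactivated while it holds a live session would keep admin access until the session ends, which undercuts the documented advice to set the flag to `False` instead of deleting accounts. I would add a comment above the condition, `# Inactive accounts are refused here even with a valid password and is_staff set.`, so the intent survives later refactoring. It is also worth confirming that the failing branch (not shown) returns the same generic error as a bad password, so the response does not reveal whether an account exists but is disabled.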