diff --git a/django/contrib/auth/tests/tokens.py b/django/contrib/auth/tests/tokens.py
index 6d3a964fe7..03cc1e3c11 100644
--- a/django/contrib/auth/tests/tokens.py
+++ b/django/contrib/auth/tests/tokens.py
@@ -8,6 +8,14 @@ TOKEN_GENERATOR_TESTS = """
 >>> p0.check_token(u, tk1)
 True
+>>> u = User.objects.create_user('comebackkid', 'test3@example.com', 'testpw')
+>>> p0 = PasswordResetTokenGenerator()
+>>> tk1 = p0.make_token(u)
+>>> reload = User.objects.get(username='comebackkid')
+>>> tk2 = p0.make_token(reload)
+>>> tk1 == tk2
+True
+
 Tests to ensure we can use the token after n days, but no greater. Use a mocked version of PasswordResetTokenGenerator so we can change the value of 'today'
diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py
index b5704dda34..f61f52d903 100644
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -52,7 +52,7 @@ class PasswordResetTokenGenerator(object):
 # We limit the hash to 20 chars to keep URL short
 from django.utils.hashcompat import sha_constructor
 hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
- user.password + unicode(user.last_login) +
+ user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
 unicode(timestamp)).hexdigest()[::2]
 return "%s-%s" % (ts_b36, hash)
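Review bot: The doctest added to django/contrib/auth/tests/tokens.py pins only that a token made from the reloaded user equals the original; it does not pin the opposite property, that a later login still invalidates the token now that `last_login` is hashed at one-second precision. Consider following `>>> tk1 == tk2` with a case that moves `reload.last_login` forward by more than a second and expects `>>> p0.check_token(reload, tk1)` to print `False`. The name `reload` also shadows the Python 2 builtin inside the doctest namespace; something like `u_reloaded` would read more clearly. Whether the invalidation case is already covered elsewhere in TOKEN_GENERATOR_TESTS is not visible from this hunk.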
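Review bot: `user.last_login.strftime('%Y-%m-%d %H:%M:%S')` in django/contrib/auth/tokens.py raises AttributeError where `unicode(user.last_login)` used to yield `'None'`, so a user whose `last_login` is unset could no longer be issued or checked a reset token; whether the field can be null is not visible in this hunk. If it can, bind the value first, e.g. `login_ts = user.last_login.strftime('%Y-%m-%d %H:%M:%S') if user.last_login else ''`, and hash `login_ts`. The line would also benefit from a comment stating why the value is cut to whole seconds, such as `# Format to whole seconds so the token is stable after the user is reloaded from the database`, which is what the test added in this commit suggests is the intent. The enclosing method starts above the hunk.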