diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py
index 4e65f87669..5ddc17fa85 100644
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@@ -3,7 +3,7 @@ from django.conf.settings import SECRET_KEY
 from django.models.auth import users
 from django.utils import httpwrappers
 from django.utils.translation import gettext_lazy
-import base64, md5
+import base64, datetime, md5
 import cPickle as pickle
 
 ERROR_MESSAGE = gettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.")
@@ -47,6 +47,10 @@ def staff_member_required(view_func):
     def _checklogin(request, *args, **kwargs):
         if not request.user.is_anonymous() and request.user.is_staff:
             # The user is valid. Continue to the admin page.
+            if request.POST.has_key('post_data'):
+                # User must have re-authenticated through a different window
+                # or tab.
+                request.POST = _decode_post_data(request.POST['post_data'])
             return view_func(request, *args, **kwargs)
 
         assert hasattr(request, 'session'), "The Django admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.middleware.sessions.SessionMiddleware'."
@@ -84,6 +88,8 @@ def staff_member_required(view_func):
         else:
             if user.check_password(request.POST.get('password', '')):
                 request.session[users.SESSION_KEY] = user.id
+                user.last_login = datetime.datetime.now()
+                user.save()
                 if request.POST.has_key('post_data'):
                     post_data = _decode_post_data(request.POST['post_data'])
                     if post_data and not post_data.has_key(LOGIN_FORM_KEY):