
Fixed a KeyError on login with legacy sessions; refs #21649.

Thanks Loic for the report.
Tim Graham 11 years ago
parent
commit
11e30b684d
2 changed files with 17 additions and 1 deletions
  1. 1 1
      django/contrib/auth/__init__.py
  2. 16 0
      django/contrib/auth/tests/test_views.py

+ 1 - 1
django/contrib/auth/__init__.py

@@ -86,7 +86,7 @@ def login(request, user):
     if SESSION_KEY in request.session:
         if request.session[SESSION_KEY] != user.pk or (
                 session_auth_hash and
-                request.session[HASH_SESSION_KEY] != session_auth_hash):
+                request.session.get(HASH_SESSION_KEY) != session_auth_hash):
             # To avoid reusing another user's session, create a new, empty
             # session if the existing session corresponds to a different
             # authenticated user.
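Review bot: The hash check on the changed line still compares with `!=`, and the missing-key case is handled only implicitly. With `.get()`, a legacy session yields `None`, which differs from any non-empty `session_auth_hash`, so control reaches the branch described by the comment below; this is the fail-closed outcome, and a comment such as `# A session with no stored hash is treated as a mismatch.` would keep a later edit from turning it into a pass. For the comparison itself, `constant_time_compare(request.session.get(HASH_SESSION_KEY, ''), session_auth_hash)` from `django.utils.crypto` would be the more conservative form, assuming that import is acceptable in this module. The body of `login`, including the statement under the comment, starts and continues outside this hunk.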

+ 16 - 0
django/contrib/auth/tests/test_views.py

@@ -594,6 +594,22 @@ class LoginTest(AuthViewsTestCase):
         self.login(password='foobar')
         self.assertNotEqual(original_session_key, self.client.session.session_key)
 
+    def test_login_session_without_hash_session_key(self):
+        """
+        Session without django.contrib.auth.HASH_SESSION_KEY should login
+        without an exception.
+        """
+        user = User.objects.get(username='testclient')
+        engine = import_module(settings.SESSION_ENGINE)
+        session = engine.SessionStore()
+        session[SESSION_KEY] = user.id
+        session.save()
+        original_session_key = session.session_key
+        self.client.cookies[settings.SESSION_COOKIE_NAME] = original_session_key
+
+        self.login()
+        self.assertNotEqual(original_session_key, self.client.session.session_key)
+
 
 @skipIfCustomUser
 class LoginURLSettings(AuthViewsTestCase):
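Review bot: `test_login_session_without_hash_session_key` asserts only that the session key changes, so it does not show that the legacy session's contents are discarded or that the replacement session stores a hash. Seeding a constructed marker before `session.save()`, e.g. `session['legacy_marker'] = 'x'`, and adding `self.assertNotIn('legacy_marker', self.client.session)` after `self.login()` would pin the property that matters here. If `HASH_SESSION_KEY` is importable in this test module, `self.assertIn(HASH_SESSION_KEY, self.client.session)` would also confirm the upgrade path. The enclosing `LoginTest` class starts outside this hunk.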