Comment 5 for bug 1491117

Richard Jones (r1chardj0n3s) wrote :

To reliably reproduce, first log in as "admin" and then use the login form to log in as "demo". Django attempts to determine if the existing session belongs to the same user as the just-authenticated user, and in doing so tries to force the user object's PK to int().

I believe the issue is that Django assumes that the user model PK is an integer, and django-openstack-auth is setting it to a hash string. Unfortunately, as far as I can tell, you can't change the type of the PK from the integer, so it would seem that we need to set the user's PK value to an integer. Exactly what that integer should be could be tricky, though I'm not sure it actually matters at all, since it's not a reference into an actual database.

Setting the User id property to something other than the user_id hash will break all manner of openstack_dashboard code that assumes user.id is the same as user.token.user['id'] - a very rough grep-based estimate shows 105 uses of user.id (and a bunch of those are in tests which will probably need knock-on changes to mocks).

It's really tempting to just monkey-patch django.contrib.auth._get_user_session_key() ...
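The failure described in the comment above, as an added stand-alone model; it is not part of the original comment and is not Django or django-openstack-auth code. It shows why coercing the stored session key to an integer fails on re-login when the user id is a hash string, and that comparing the keys as strings still flushes the previous user's session data. All function names and the sample ids are hypothetical and constructed for illustration.

```python
# Stand-alone model of the re-login check; nothing here imports Django.
SESSION_KEY = "_auth_user_id"  # assumed name for the session entry holding the user PK

class CoercionError(Exception):
    """Stand-in for the validation error an integer PK field raises."""

def int_pk_to_python(value):
    # Integer-PK assumption: the stored session value must parse as int.
    try:
        return int(value)
    except (TypeError, ValueError) as exc:
        raise CoercionError(f"{value!r} value must be an integer") from exc

def str_pk_to_python(value):
    # Opaque-identifier assumption: compare session keys as strings.
    return str(value)

def relogin(session, new_user_pk, to_python):
    """Return 'kept' if the session already belongs to new_user_pk, else 'flushed'."""
    outcome = "kept"
    if SESSION_KEY in session:
        if to_python(session[SESSION_KEY]) != to_python(new_user_pk):
            session.clear()  # different user: drop the old user's session data
            outcome = "flushed"
    session[SESSION_KEY] = str(new_user_pk)
    return outcome

# Constructed sample identifiers (not real Keystone user ids).
ADMIN_ID = "3f2a9c0e7b1d4c5e8a6f0b9d2e1c4a7b"
DEMO_ID = "a1b2c3d4e5f60718293a4b5c6d7e8f90"

def demo():
    results = {}
    session = {SESSION_KEY: ADMIN_ID, "cached_projects": ["admin"]}
    try:
        relogin(session, DEMO_ID, int_pk_to_python)
    except CoercionError:
        results["int_pk"] = "error"  # "admin" then "demo" login fails here
    session = {SESSION_KEY: ADMIN_ID, "cached_projects": ["admin"]}
    results["str_pk_switch"] = relogin(session, DEMO_ID, str_pk_to_python)
    results["leftover"] = "cached_projects" in session
    results["str_pk_same"] = relogin(session, DEMO_ID, str_pk_to_python)
    return results

if __name__ == "__main__":
    print(demo())
```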