diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 6c0c8abe97..f5f622665c 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -1,4 +1,5 @@
 from django.contrib.auth.models import User
+from django.contrib.auth import authenticate
 from django.contrib.sites.models import Site
 from django.template import Context, loader
 from django.core import validators
@@ -20,8 +21,7 @@ class AuthenticationForm(forms.Manipulator):
 self.fields = [
 forms.TextField(field_name="username", length=15, maxlength=30, is_required=True,
 validator_list=[self.isValidUser, self.hasCookiesEnabled]),
- forms.PasswordField(field_name="password", length=15, maxlength=30, is_required=True,
- validator_list=[self.isValidPasswordForUser]),
+ forms.PasswordField(field_name="password", length=15, maxlength=30, is_required=True),
 ]
 self.user_cache = None
@@ -30,14 +30,10 @@ class AuthenticationForm(forms.Manipulator):
 raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.")
 def isValidUser(self, field_data, all_data):
- try:
- self.user_cache = User.objects.get(username=field_data)
- except User.DoesNotExist:
- raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")
-
- def isValidPasswordForUser(self, field_data, all_data):
- if self.user_cache is not None and not self.user_cache.check_password(field_data):
- self.user_cache = None
+ username = field_data
+ password = all_data.get('password', None)
+ self.user_cache = authenticate(username=username, password=password)
+ if self.user_cache is None:
 raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")
 def get_user_id(self):
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index f919f82419..96c97241c1 100644
--- a/django/contrib/auth/views.py
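Review bot: In the rewritten `isValidUser` (third forms.py hunk), `all_data.get('password', None)` hands `None` to `authenticate()` whenever the password field is missing from the submission, and how a backend treats a `None` password cannot be seen from here. Defaulting to an empty string, `password = all_data.get('password', '')`, keeps non-string input away from the backends. The method also accepts whatever user `authenticate()` returns, so unless the backend itself rejects deactivated accounts they still validate; if that is not intended, `if self.user_cache is None or not self.user_cache.is_active:` would cover it. A one-line docstring saying that this username validator now checks both credentials, and that the password field in the second hunk deliberately has no validator of its own, would help the next reader.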
+++ b/django/contrib/auth/views.py
@@ -3,7 +3,6 @@ from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
 from django import forms
 from django.shortcuts import render_to_response
 from django.template import RequestContext
-from django.contrib.auth.models import SESSION_KEY
 from django.contrib.sites.models import Site
 from django.http import HttpResponse, HttpResponseRedirect
 from django.contrib.auth.decorators import login_required
@@ -19,7 +18,8 @@ def login(request):
 # Light security check -- make sure redirect_to isn't garbage.
 if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
 redirect_to = '/accounts/profile/'
- request.session[SESSION_KEY] = manipulator.get_user_id()
+ from django.contrib.auth import login
+ login(request, manipulator.get_user())
 request.session.delete_test_cookie()
 return HttpResponseRedirect(redirect_to)
 else:
@@ -33,8 +33,9 @@ def login(request):
 def logout(request, next_page=None):
 "Logs out the user and displays 'You are logged out' message."
+ from django.contrib.auth import logout
 try:
- del request.session[SESSION_KEY]
+ logout(request)
 except KeyError:
 return render_to_response('registration/logged_out.html', {'title': 'Logged out'}, context_instance=RequestContext(request))
 else:
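Review bot: The function-scope `from django.contrib.auth import login` in the second views.py hunk rebinds `login` inside the view that is itself named `login`, and the last hunk does the same with `logout`; it works, but `login(request, ...)` reads like a recursive call. Importing once at module level under an alias, `from django.contrib.auth import login as auth_login, logout as auth_logout`, and calling `auth_login(request, manipulator.get_user())` removes the ambiguity. `manipulator.get_user()` is not added by the forms.py hunks shown, so it presumably already exists on AuthenticationForm; worth confirming. Separately, the unchanged redirect check just above rejects only values containing `://` or a space, so a scheme-relative value beginning with `//` still passes; accepting only paths with a single leading `/` would tighten it. The view body starts and ends outside the hunk.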
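Review bot: The `try`/`except KeyError` around `logout(request)` in the last hunk now depends on the helper raising `KeyError` for a session with no logged-in user, which was obvious for the removed `del request.session[SESSION_KEY]` but cannot be seen from here. If `logout()` handles the missing key itself, the `except` branch that renders `registration/logged_out.html` never runs and every request takes the `else` path. Once the behaviour is confirmed, a comment on the `try` such as `# auth.logout() raises KeyError when no user is logged in` would make the contract visible. The `else` branch continues outside the hunk.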