if your password is "password" and before saving it, becomes a 40 chars length (sha1) hash, then in database, you will save the generated hash. But, when updating a user, $this->password is already hashed, but you are hashing it again in beforeSave(), so this leads to a hash of the previous hashed password which leads to users unable to login.
Hi there. I was having exactly the same problem. I’m not 100% sure what the core of the problem was, but I think it was something to do with the order in which objects were initialised. I was able to solve it by initialising the WebUser object (check Yii::app()->user->isGuest) at the very start of your action. For some odd reason it was giving me two sessions with the same ID and same key prefix.
I was trying to log in after the registration, but this wasn’t shown on other pages. Meanwhile, a check to see if I was logged in right before I tried to log in again after registering again showed that I was still logged in.
Anyhow, hope this helps. Anyone who knows the core code a little better care to hazard a guess where the actual error might be happening? I printed out the Session ID and key prefix in both cases and they were the same. Note that I’m using enableCookieValidation, if that matters, and also using a SOAP call to insert the user’s details into an external database.