The lastLoginTime of an account is only updated if the repository has stale account aging or password aging enabled. The update of the lastLoginTime on login requires a commit, which is not always desireable.
As a result, if a stale account age limit is set in a repository that did not previously have either check, the lastLoginTime of accounts that log in frequently may be still set to a date well in the past, which results in the account being disabled immediately.
Decisions to enable or disabled account and password aging should be done with forethought, in any case.
If you are setting the stale account age limit on a repository that has been in use, then you should send lastLoginTime: to each UserProfile, to initialize the lastLoginTime correctly. The method lastLoginTime: was added in version 6.6
To turn on account aging safely on versions prior to 6.6, an initial period with the stale account age limit set to a large value, or with password age check enabled but not account age limits, will allow accounts time to login in with updates to the lastLoginTime.
Last updated: 4/9/12