diff --git a/djangosaml2/backends.py b/djangosaml2/backends.py
index 06b8bf8..ad4d5fa 100644
--- a/djangosaml2/backends.py
+++ b/djangosaml2/backends.py
@@ -263,7 +263,7 @@ def get_or_create_user(
         attribute_mapping: dict,
         request,
     ) -> tuple[Optional[settings.AUTH_USER_MODEL], bool]:
-        """Look up the user to authenticate. If he doesn't exist, this method creates him (if so desired).
+        """Look up the user to authenticate. If they doesn't exist, this method creates them (if so desired).
         The default implementation looks only at the user_identifier. Override this method in order to do more complex behaviour,
         e.g. customize this per IdP.
         """
@@ -277,7 +277,6 @@ def get_or_create_user(
             ): user_lookup_value
         }
 
-        # Lookup existing user
         # Lookup existing user
         user, created = None, False
         try:
diff --git a/djangosaml2/cache.py b/djangosaml2/cache.py
index b3d31fc..546df55 100644
--- a/djangosaml2/cache.py
+++ b/djangosaml2/cache.py
@@ -72,7 +72,7 @@ class IdentityCache(Cache):
     logged in.
 
     This information is useful because when the user logs out we must
-    know where does he come from in order to notify such IdP/AA.
+    know where does they come from in order to notify such IdP/AA.
 
     The current implementation stores this information in the Django session.
     """
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
index 245caa1..0d1180a 100644
--- a/djangosaml2/views.py
+++ b/djangosaml2/views.py
@@ -189,10 +189,10 @@ def add_idp_hinting(self, http_response):
 
     def should_prevent_auth(self, request) -> bool:
         # If the user is already authenticated that maybe because of two reasons:
-        # A) He has this URL in two browser windows and in the other one he
-        #    has already initiated the authenticated session.
-        # B) He comes from a view that (incorrectly) send him here because
-        #    he does not have enough permissions. That view should have shown
+        # A) They have this URL in two browser windows and in the other one they
+        #    have already initiated the authenticated session.
+        # B) They comes from a view that (incorrectly) sends them here because
+        #    they do not have enough permissions. That view should have shown
         #    an authorization error in the first place.
         return request.user.is_authenticated