diff --git a/simple_pass_reset.module b/simple_pass_reset.module
index cf72f08..bcbab26 100644
--- a/simple_pass_reset.module
+++ b/simple_pass_reset.module
@@ -74,6 +74,8 @@ function simple_pass_reset_pass_reset_page($uid, $timestamp, $hashed_pass, $opti
 
 /**
  * Implements hook_form_FORM_ID_alter().
+ *
+ * @see user_profile_form()
  */
 function simple_pass_reset_form_user_profile_form_alter(&$form, &$form_state) {
   // Don't alter the normal profile edit form, but only the password reset form.
@@ -138,17 +140,20 @@ function simple_pass_reset_form_user_profile_form_alter(&$form, &$form_state) {
  */
 function simple_pass_reset_pass_reset_submit($form, &$form_state) {
   if (!user_is_logged_in()) { // Sanity check.
-    // Remove roles that were disabled in the form. Normally user_module will array_filter() these out for us.  But remember_me and possibly other modules have bugs that might prevent user.module from doing that.
+    // Remove roles that were disabled in the form. Normally the User module
+    // will array_filter() these out for us.  But remember_me and possibly other
+    // modules have bugs that might prevent it from doing so.
     if (!empty($form_state['user']->roles)) {
       $form_state['user']->roles = array_filter($form_state['user']->roles);
     }
 
-    // This logic copied from user_pass_reset().
-    $account = $form_state['user'];
-    $GLOBALS['user'] = $form_state['user'];
+    // Load the user account afresh and finalize the login.
+    // @see user_login_submit()
+    global $user;
+    $user = user_load($form_state['user']->uid);
     user_login_finalize();
 
-    watchdog('user', 'User %name used one-time login link.', array('%name' => $account->name));
+    watchdog('user', 'User %name used one-time login link.', array('%name' => $user->name));
 
     if(empty($form_state['redirect'])) {
       $form_state['redirect'] = 'user';