diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index 7d40663..f77bc16 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -98,7 +98,16 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
 if ($user->uid) {
 // The existing user is already logged in.
 if ($user->uid == $uid) {
- drupal_set_message(t('You are logged in as %user. Change your password.', array('%user' => $user->name, '!user_edit' => url("user/$user->uid/edit"))));
+ // The user is already logged in, but is shown a message inviting them to
+ // change their password, since that may be their intent. Let the user's
+ // password be changed without the current password check, as even though
+ // they are logged in, they may not know it.
+ $token = drupal_random_key();
+ $_SESSION['pass_reset_' . $user->uid] = $token;
+ drupal_set_message(t('You are logged in as %user. Change your password.', array(
+ '%user' => $user->name,
+ '!user_edit' => url("user/$user->uid/edit", array('query' => array('pass-reset-token' => $token))),
+ )));
 }
 // A different user is already logged in on the computer.
 else {
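Review bot: The token that waives the current-password check is issued on `$user->uid == $uid` alone; none of the lines visible in this branch verify `$timestamp` or `$hashed_pass` before `$_SESSION['pass_reset_' . $user->uid]` is set. If the link is not validated earlier in user_pass_reset() (the function starts above the hunk and continues below it), any request to the reset path from an already authenticated session obtains the bypass, which undoes the protection the current-password prompt gives for an unattended or hijacked session. I would issue the token only after the same expiry and hash checks the logged-out path applies (presumably via `user_pass_rehash()`), and say so in the comment, e.g. `// Only waive the current-password check once the link's timestamp and hash have been verified.` Because the token travels in the query string, the consuming form (not in this hunk) should also clear the session entry after one use.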