diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
index 22d221a..709a99a 100644
--- a/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -25,7 +25,19 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
   if ($user->isAuthenticated()) {
     // The existing user is already logged in.
     if ($user->id() == $uid) {
-      drupal_set_message(t('You are logged in as %user. <a href="!user_edit">Change your password.</a>', array('%user' => $user->getUsername(), '!user_edit' => url("user/" . $user->id() . "/edit"))));
+      // The user is already logged in, but is shown a message inviting them to
+      // change their password, since that may be their intent. Let the user's
+      // password be changed without the current password check, as even though
+      // they are logged in, they may not know it.
+      // See https://drupal.org/node/889772 for background.
+      $token = Crypt::randomBytesBase64(55);
+      $_SESSION['pass_reset_' . $user->id()] = $token;
+      drupal_set_message(t('You are logged in as %user. <a href="!user_edit">Change your password.</a>', array(
+        '%user' => $user->getUsername(),
+        '!user_edit' => url("user/" . $user->id() . "/edit", array(
+          'query' => array('pass-reset-token' => $token),
+        )),
+      )));
     }
     // A different user is already logged in on the computer.
     else {