diff --git a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
index af153dd..a2621c9 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
@@ -11,6 +11,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Drupal\Component\Utility\Crypt;
 use Drupal\Component\Utility\String;
+use Drupal\Core\Session\AccountInterface;
 /**
 * Ensure that when running under HTTPS two session cookies are generated.
@@ -65,18 +66,11 @@ protected function testHttpsSession() {
 // Test HTTPS session handling by altering the form action to submit the
 // login form through https.php, which creates a mock HTTPS request.
- $this->drupalGet('user');
- $form = $this->xpath('//form[@id="user-login-form"]');
- $form[0]['action'] = $this->httpsUrl('user');
- $edit = array('name' => $user->getUsername(), 'pass' => $user->pass_raw);
- $this->drupalPostForm(NULL, $edit, t('Log in'));
+ $this->loginHttps($user);
 // Test a second concurrent session.
 $this->curlClose();
- $this->drupalGet('user');
- $form = $this->xpath('//form[@id="user-login-form"]');
- $form[0]['action'] = $this->httpsUrl('user');
- $this->drupalPostForm(NULL, $edit, t('Log in'));
+ $this->loginHttps($user);
 // Check secure cookie on secure page.
 $this->assertTrue($this->cookies[$this->secureSessionName]['secure'], 'The secure cookie has the secure attribute');
@@ -108,11 +102,7 @@ protected function testHttpsSession() {
 // login form through http.php, which creates a mock HTTP request on HTTPS
 // test environments.
 $this->curlClose();
- $this->drupalGet('user');
- $form = $this->xpath('//form[@id="user-login-form"]');
- $form[0]['action'] = $this->httpUrl('user');
- $edit = array('name' => $user->getUsername(), 'pass' => $user->pass_raw);
- $this->drupalPostForm(NULL, $edit, t('Log in'));
+ $this->loginHttp($user);
 $this->drupalGet($this->httpUrl('admin/config'));
 $this->assertResponse(200);
 $sid = $this->cookies[$this->insecureSessionName]['value'];
@@ -160,19 +150,13 @@ protected function testMixedModeSslSession() {
 $this->drupalGet('user/password');
 $form = $this->xpath('//form[@id="user-pass"]');
 $this->assertNotEqual(substr($form[0]['action'], 0, 6), 'https:', 'Password request form action is not secure');
- $form[0]['action'] = $this->httpsUrl('user');
 // Check that user login form action is secure.
 $this->drupalGet('user');
 $form = $this->xpath('//form[@id="user-login-form"]');
 $this->assertEqual(substr($form[0]['action'], 0, 6), 'https:', 'Login form action is secure');
- $form[0]['action'] = $this->httpsUrl('user');
- $edit = array(
- 'name' => $user->getUsername(),
- 'pass' => $user->pass_raw,
- );
- $this->drupalPostForm(NULL, $edit, t('Log in'));
+ $this->loginHttps($user);
 // Check secure cookie on secure page.
 $this->assertTrue($this->cookies[$this->secureSessionName]['secure'], 'The secure cookie has the secure attribute');
 // Check insecure cookie on secure page.
@@ -220,10 +204,7 @@ protected function testMixedModeSslSession() {
 $this->drupalGet($this->httpsUrl('session-test/set/1'));
 // Mock a login to the secure site using the secure session cookie.
- $this->drupalGet($this->httpsUrl('user'));
- $form = $this->xpath('//form[@id="user-login-form"]');
- $form[0]['action'] = $this->httpsUrl('user');
- $this->drupalPostForm(NULL, $edit, t('Log in'));
+ $this->loginHttps($user);
 // Test that the user is also authenticated on the insecure site.
 $this->drupalGet($this->httpUrl("user/" . $user->id() . "/edit"));
@@ -247,10 +228,7 @@ protected function testCsrfTokenWithMixedModeSsl() {
 // Login using the HTTPS user-login form.
 $this->drupalGet('user');
- $form = $this->xpath('//form[@id="user-login-form"]');
- $form[0]['action'] = $this->httpsUrl('user');
- $edit = array('name' => $user->getUsername(), 'pass' => $user->pass_raw);
- $this->drupalPostForm(NULL, $edit, t('Log in'));
+ $this->loginHttps($user);
 // Collect session id cookies.
 $sid = $this->cookies[$this->insecureSessionName]['value'];
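Review bot: The `$this->loginHttps($user);` call under "Mock a login to the secure site using the secure session cookie" is not equivalent to the lines it replaces. The removed code fetched the form with `$this->drupalGet($this->httpsUrl('user'))`, whereas the helper added later in this patch fetches it with `$this->drupalGet('user')`, so the login form is no longer requested through the mock HTTPS front controller before the POST. That may change which session cookie the anonymous request presents at the exact point where this test exercises the anonymous-to-authenticated transition. Either keep the HTTPS fetch at this call site or add a comment such as `// Fetching the form over the default scheme is sufficient here because …` stating why it does not matter. The body of testMixedModeSslSession() continues outside the hunk.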
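Review bot: In testCsrfTokenWithMixedModeSsl() the context line `$this->drupalGet('user');` left above `$this->loginHttps($user);` is now redundant, because the helper added later in this patch starts with the same `$this->drupalGet('user')`. The login page is therefore requested twice before the POST, while the old flow requested it once. Dropping the leftover call keeps the test equivalent to what it checked before and saves a request. The function body continues outside the hunk.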
@@ -282,6 +260,36 @@ protected function testCsrfTokenWithMixedModeSsl() {
 }
 /**
+ * Log in a user via HTTP.
+ *
+ * Note that the parents $session_id and $loggedInUser is not updated.
+ */
+ protected function loginHttp(AccountInterface $account) {
+ // Alter the form action to submit the login form through http.php, which
+ // creates a mock HTTP request on HTTPS test environments.
+ $this->drupalGet('user');
+ $form = $this->xpath('//form[@id="user-login-form"]');
+ $form[0]['action'] = $this->httpUrl('user');
+ $edit = array('name' => $account->getUsername(), 'pass' => $account->pass_raw);
+ $this->drupalPostForm(NULL, $edit, t('Log in'));
+ }
+
+ /**
+ * Log in a user via HTTPS.
+ *
+ * Note that the parents $session_id and $loggedInUser is not updated.
+ */
+ protected function loginHttps(AccountInterface $account) {
+ // Alter the form action to submit the login form through https.php, which
+ // creates a mock HTTPS request on HTTP test environments.
+ $this->drupalGet('user');
+ $form = $this->xpath('//form[@id="user-login-form"]');
+ $form[0]['action'] = $this->httpsUrl('user');
+ $edit = array('name' => $account->getUsername(), 'pass' => $account->pass_raw);
+ $this->drupalPostForm(NULL, $edit, t('Log in'));
+ }
+
+ /**
 * Return the token of the current form.
 */
 protected function getFormToken() {
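Review bot: Both new helpers type-hint `AccountInterface $account` but read `$account->pass_raw`, which an interface cannot guarantee. It is presumably the plain-text password the test framework attaches when it creates the user, so any other account object would submit an empty password and fail without a clear message. The docblocks should document this, e.g. `@param \Drupal\Core\Session\AccountInterface $account` with the description `The account to log in; must carry the plain-text password in pass_raw.`, and the note should read `Note that the parent's $session_id and $loggedInUser are not updated.` loginHttp() and loginHttps() also differ only in `httpUrl('user')` versus `httpsUrl('user')`, so one private helper taking the form action URL would stop the two copies from drifting apart.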