diff --git a/core/modules/user/src/Controller/UserController.php b/core/modules/user/src/Controller/UserController.php
index 5997735..5cab518 100644
--- a/core/modules/user/src/Controller/UserController.php
+++ b/core/modules/user/src/Controller/UserController.php
@@ -86,8 +86,7 @@ public function resetPass($uid, $timestamp, $hash) {
       }
       // A different user is already logged in on the computer.
       else {
-        $reset_link_user = $this->userStorage->load($uid);
-        if ($reset_link_user) {
+        if ($reset_link_user = $this->userStorage->load($uid)) {
           drupal_set_message($this->t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href="!logout">logout</a> and try using the link again.',
             array('%other_user' => $account->getUsername(), '%resetting_user' => $reset_link_user->getUsername(), '!logout' => $this->url('user.logout'))));
         }
@@ -112,7 +111,7 @@ public function resetPass($uid, $timestamp, $hash) {
           drupal_set_message($this->t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
           return $this->redirect('user.pass');
         }
-        elseif ($user->isAuthenticated() && $timestamp >= $user->getLastLoginTime() && $timestamp <= $current && $hash === user_pass_rehash($user->getPassword(), $timestamp, $user->getLastLoginTime())) {
+        elseif ($user->isAuthenticated() && ($timestamp >= $user->getLastLoginTime()) && ($timestamp <= $current) && ($hash === user_pass_rehash($user->getPassword(), $timestamp, $user->getLastLoginTime()))) {
           $expiration_date = $user->getLastLoginTime() ? $this->date->format($timestamp + $timeout) : NULL;
           return $this->formBuilder()->getForm('Drupal\user\Form\UserPasswordResetForm', $user, $expiration_date, $timestamp, $hash);
         }