diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php
index e67520b0d272c8660052d7320d8e307d41f79a99..c1c3735b2a9914f0dc35882c0067641049a8c814 100644
--- a/core/modules/user/lib/Drupal/user/AccountFormController.php
+++ b/core/modules/user/lib/Drupal/user/AccountFormController.php
@@ -289,7 +289,7 @@ public function buildEntity(array $form, array &$form_state) {
   }
 
   /**
-   * Overrides Drupal\Core\Entity\EntityFormController::submit().
+   * {@inheritdoc}
    */
   public function validate(array $form, array &$form_state) {
     parent::validate($form, $form_state);
@@ -354,4 +354,17 @@ public function validate(array $form, array &$form_state) {
     }
   }
 
+  /**
+   * {@inheritdoc}
+   */
+  public function submit(array $form, array &$form_state) {
+    parent::submit($form, $form_state);
+
+    $user = $this->getEntity($form_state);
+    // If there's a session set to the users id, remove the password reset tag
+    // since a new password was saved.
+    if (isset($_SESSION['pass_reset_'. $user->id()])) {
+      unset($_SESSION['pass_reset_'. $user->id()]);
+    }
+  }
 }
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPasswordResetTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPasswordResetTest.php
index f8635fd37356b433352a20974800d62125c5ec92..8b4da13e7d7a7d9c6988452744fdc6f17702c09b 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPasswordResetTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPasswordResetTest.php
@@ -83,6 +83,16 @@ function testUserPasswordReset() {
     $this->assertLink(t('Log out'));
     $this->assertTitle(t('@name | @site', array('@name' => $this->account->getUsername(), '@site' => \Drupal::config('system.site')->get('name'))), 'Logged in using password reset link.');
 
+    // Change the forgotten password.
+    $password = user_password();
+    $edit = array('pass[pass1]' => $password, 'pass[pass2]' => $password);
+    $this->drupalPostForm(NULL, $edit, t('Save'));
+    $this->assertText(t('The changes have been saved.'), 'Forgotten password changed.');
+
+    // Verify that the password reset session has been destroyed.
+    $this->drupalPostForm(NULL, $edit, t('Save'));
+    $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.');
+
     // Log out, and try to log in again using the same one-time link.
     $this->drupalLogout();
     $this->drupalGet($resetURL);
@@ -92,7 +102,7 @@ function testUserPasswordReset() {
     $this->drupalGet('user/password');
     // Count email messages before to compare with after.
     $before = count($this->drupalGetMails(array('id' => 'user_password_reset')));
-    $edit['name'] = $this->account->getEmail();
+    $edit = array('name' => $this->account->getEmail());
     $this->drupalPostForm(NULL, $edit, t('E-mail new password'));
     $this->assertTrue( count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before + 1, 'E-mail sent when requesting password reset using e-mail address.');