Allow password reset for logged in users

[mephi42]

Would it make sense to drop @anonymous_user_required from forgot_password() and reset_password()? If a logged in user realized he forgot his password and wants to reset it, then it's not optimal to force him to log out.

[jwag956]

I'd like to know more about the use case - personally - I don't see a common use case for "I'm enjoying this website - OMG I don't remember my password"

Also - do you have some reference web sites that have this feature?

[ThiefMaster]

Changing your password/email typically require you to enter your current password, even while logged-in. Combined with very long-lived sessions which are popular outside the corporate world, it's certainly possible that you don't know your password but are still logged in...

Even GitHub has a password reset link in the profile:

[mephi42]

My use case is similar to what @ThiefMaster described. I would like to do password verification for very sensitive operations (changing a password or an email, or deleting an account), even if the user is logged in.