diff --git a/core/authentication_api.php b/core/authentication_api.php
index 620ae76e6f..c8385cd6af 100644
--- a/core/authentication_api.php
+++ b/core/authentication_api.php
@@ -753,7 +753,7 @@ function auth_set_tokens( $p_user_id ) {
 }
 
 /**
- * Check for authentication tokens, and display re-authentication page if needed.
+ * Check for authentication tokens, and redirect to login page for re-authentication.
  * Currently, if using BASIC or HTTP authentication methods, or if logged in anonymously,
  * this function will always "authenticate" the user (do nothing).
  *
@@ -781,101 +781,20 @@ function auth_reauthenticate() {
 			return true;
 		}
 
-		return auth_reauthenticate_page( $t_user_id, $t_username );
-	}
-}
-
-/**
- * Generate the intermediate authentication page.
- * @param integer $p_user_id  User ID.
- * @param string  $p_username Username.
- * @return boolean
- * @access public
- */
-function auth_reauthenticate_page( $p_user_id, $p_username ) {
-	$t_error = false;
+		$t_request_uri = string_url( $_SERVER['REQUEST_URI'] );
 
-	if( true == gpc_get_bool( '_authenticate' ) ) {
-		$f_password = gpc_get_string( 'password', '' );
+		$t_query_params = http_build_query(
+			array(
+				'reauthenticate' => 1,
+				'username' => $t_username,
+				'return' => $t_request_uri,
+			),
+			'', '&'
+		);
 
-		if( auth_attempt_login( $p_username, $f_password ) ) {
-			auth_set_tokens( $p_user_id );
-			return true;
-		} else {
-			$t_error = true;
-		}
+		# redirect to login page
+		print_header_redirect( 'login_page.php?' . $t_query_params );
 	}
-	
-	layout_page_header();
-
-	layout_page_begin();
-
-	?>
-<div class="col-md-12 col-xs-12">
-	<div class="space-10"></div>
-<?php
-	if( $t_error != false ) {
-		echo '<div class="alert alert-danger">';
-		echo '<p>' . lang_get( 'reauthenticate_message' ) . ' ' . lang_get( 'login_error' ) . '</p>';
-		echo '</div>';
-	}
-?>
-
-<div class="form-container">
-<form id="reauth-form" method="post" action="">
-<div class="widget-box widget-color-blue2">
-<div class="widget-header widget-header-small">
-	<h4 class="widget-title lighter">
-		<i class="ace-icon fa fa-lock"></i>
-		<?php echo lang_get( 'reauthenticate_title' ) ?>
-	</h4>
-</div>
-
-<div class="widget-body">
-	<div class="widget-main no-padding">
-		<fieldset>
-		<?php
-			# CSRF protection not required here - user needs to enter password
-			# (confirmation step) before the form is accepted.
-			print_hidden_inputs( $_POST );
-			print_hidden_inputs( $_GET );
-		?>
-
-			<input type="hidden" name="_authenticate" value="1" />
-			<div class="table-responsive">
-			<table class="table table-bordered table-condensed table-striped">
-				<tr>
-					<th class="category">
-						<?php echo lang_get( 'username' );?>
-					</th>
-					<td>
-						<input id="username" type="text" disabled="disabled" class="input-sm" size="32" maxlength="<?php echo DB_FIELD_SIZE_USERNAME;?>" value="<?php echo string_attribute( $p_username );?>" />
-					</td>
-				</tr>
-				<tr>
-					<th class="category">
-						<?php echo lang_get( 'password' );?>
-					</th>
-					<td>
-						<input id="password" type="password" name="password" class="input-sm" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" class="autofocus" />
-					</td>
-				</tr>
-			</table>
-			</div>
-		</fieldset>
-	</div>
-	<div class="widget-toolbox padding-8 clearfix">
-		<input type="submit" class="btn btn-primary btn-white btn-round" value="<?php echo lang_get( 'login_button' );?>" />
-	</div>
-</div>
-</div>
-</form>
-</div>
-</div>
-
-<?php
-	layout_page_end();
-	exit;
 }
 
 /**
diff --git a/login_page.php b/login_page.php
index 0836509cc0..80366625e9 100644
--- a/login_page.php
+++ b/login_page.php
@@ -57,6 +57,7 @@
 $f_cookie_error          = gpc_get_bool( 'cookie_error' );
 $f_return                = string_sanitize_url( gpc_get_string( 'return', '' ) );
 $f_username              = gpc_get_string( 'username', '' );
+$f_reauthenticate        = gpc_get_bool( 'reauthenticate', false );
 $f_perm_login            = gpc_get_bool( 'perm_login', false );
 $f_secure_session        = gpc_get_bool( 'secure_session', false );
 $f_secure_session_cookie = gpc_get_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', null );
@@ -75,7 +76,7 @@
 $t_session_validation = ( ON == config_get_global( 'session_validation' ) );
 
 # If user is already authenticated and not anonymous
-if( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
+if( auth_is_user_authenticated() && !current_user_is_anonymous() && !$f_reauthenticate) {
 	# If return URL is specified redirect to it; otherwise use default page
 	if( !is_blank( $f_return ) ) {
 		print_header_redirect( $f_return, false, false, true );