diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb
index 3e408db6..078e0c2a 100644
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -93,6 +93,7 @@ module Devise
 # Hook to serialize user from session. Overwrite if you want.
 def serialize_from_session(keys)
 klass, id = keys
+ raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self
 klass.find_by_id(id)
 end
 end
diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb
index 7b7e0c87..1a4bda32 100644
--- a/test/models/authenticatable_test.rb
+++ b/test/models/authenticatable_test.rb
@@ -145,4 +145,17 @@ class AuthenticatableTest < ActiveSupport::TestCase
 user = create_user
 assert_equal user.id, User.serialize_from_session([User, user.id]).id
 end
+
+ test 'should not serialize another klass from session' do
+ user = create_user
+ assert_raise RuntimeError, /ancestors/ do
+ User.serialize_from_session([Admin, user.id])
+ end
+ end
+
+ test 'should serialize another klass from session' do
+ user = create_user
+ klass = Class.new(User)
+ assert_equal user.id, User.serialize_from_session([klass, user.id]).id
+ end
 end
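Review bot: The added guard only behaves as intended when `klass` is a Module: `Module#<=` returns nil for an unrelated class, which correctly trips the raise, but a session entry that is not a class at all (a string name, nil, a corrupted value) fails with NoMethodError before the intended RuntimeError is reached, so malformed and foreign values take different paths. Tighten the condition to `unless klass.is_a?(Class) && klass <= self` so every non-descendant value is rejected the same way; the `find_by_id` call on the next line already presumes a class, so this does not narrow legitimate use. The message also reads backwards — "it's not its ancestors" describes `self`, not `klass`; `"#{klass} is not #{self} or a descendant of it, refusing to deserialize from session"` states the actual relation. Keeping this check strict matters because the session value decides which model is queried, and the comment above the method invites overriding it, so the override contract (must still verify the class) is worth a sentence in that comment.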
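Review bot: The `/ancestors/` argument to `assert_raise` in the new negative test is not a message matcher: `assert_raise` takes exception classes (and at most a failure-message string), so depending on the test framework backing ActiveSupport::TestCase the regexp is either ignored or rejected, and the raised message is never checked. Capture the exception instead: `error = assert_raise(RuntimeError) { User.serialize_from_session([Admin, user.id]) }` followed by `assert_match(/ancestors/, error.message)`. The test also relies on an `Admin` model unrelated to `User` existing in the fixtures; that is consistent with the intent but not visible in the hunk. The `Class.new(User)` case is a good positive check for the subclass path; a case passing a non-class value (e.g. `['User', user.id]`) would pin which error callers see for malformed session data.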