diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
index 723eeeba..15ee05d5 100644
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,6 @@
+* deprecations * sign_out_all_scopes defaults to true as security measure + * enhancements * Added OAuth 2 support * sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
diff --git a/lib/devise.rb b/lib/devise.rb
index 731d937e..2d4a3360 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -162,7 +162,7 @@ module Devise
   # When set to true, signing out an user signs out all other scopes.
   mattr_accessor :sign_out_all_scopes
-  @@sign_out_all_scopes = false
+  @@sign_out_all_scopes = true
   # The default method used while signing out
   mattr_accessor :sign_out_via
diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb
index 26242975..db9c4030 100644
--- a/test/controllers/helpers_test.rb
+++ b/test/controllers/helpers_test.rb
@@ -19,9 +19,9 @@ class ControllerAuthenticableTest < ActionController::TestCase
   end
   test 'proxy anybody_signed_in? to signed_in?' do
-    Devise.mappings.keys.each { |scope| # :user, :admin, :manager
+    Devise.mappings.keys.each do |scope| # :user, :admin, :manager
       @controller.expects(:signed_in?).with(scope)
-    }
+    end
     @controller.anybody_signed_in?
   end
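Review bot: The comment above the flipped default in lib/devise.rb, `# When set to true, signing out an user signs out all other scopes.`, still describes the option as opt-in, so a reader of the source gets no hint that `true` is now the default or why it was chosen. I would reword it to state both: `# Defaults to true as a security measure: signing out of one scope also clears every other scope sharing the session, so a user cannot be left half-authenticated; set to false to restore per-scope sign out.` The flip is a behaviour change for existing apps that relied on scope-isolated sign out (the changelog lists it under deprecations), and the generated initializer template, which is not part of this diff, presumably documents this option as well and should be checked for the same default and wording. The `module Devise` body continues outside the hunk.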
@@ -185,12 +185,26 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.sign_in_and_redirect(admin)
   end
-  test 'sign out and redirect uses the configured after sign out path' do
-    @mock_warden.expects(:user).with(:admin).returns(true)
-    @mock_warden.expects(:logout).with(:admin).returns(true)
-    @controller.expects(:redirect_to).with(admin_root_path)
-    @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
-    @controller.sign_out_and_redirect(:admin)
+  test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
+    swap Devise, :sign_out_all_scopes => false do
+      @mock_warden.expects(:user).with(:admin).returns(true)
+      @mock_warden.expects(:logout).with(:admin).returns(true)
+      @controller.expects(:redirect_to).with(admin_root_path)
+      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
+      @controller.sign_out_and_redirect(:admin)
+    end
+  end
+
+  test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
+    swap Devise, :sign_out_all_scopes => true do
+      Devise.mappings.keys.each do |scope| # :user, :admin, :manager
+        @mock_warden.expects(:user).with(scope)
+      end
+      @mock_warden.expects(:logout).returns(true)
+      @controller.expects(:redirect_to).with(admin_root_path)
+      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
+      @controller.sign_out_and_redirect(:admin)
+    end
   end
   test 'is not a devise controller' do
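Review bot: In the new "signing out all scopes" test the expectation `@mock_warden.expects(:logout).returns(true)` carries no argument constraint, so it is equally satisfied by a `logout(:admin)` call that signs out only the current scope, and the test does not actually prove the all-scopes path it is named for. If the all-scopes branch of sign_out_and_redirect calls warden's logout without a scope, pin that with `@mock_warden.expects(:logout).with.returns(true)` (an argument-free `with` should match only a no-argument call in Mocha); otherwise pass the exact scopes it is expected to hand over. The per-scope `expects(:user).with(scope)` stubs return nil here, which is fine only if the helper does not branch on the lookup result — worth confirming against the implementation, which is not in this diff. ControllerAuthenticableTest continues outside the hunk.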