diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
index ce4ed309..7a0901da 100644
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,8 @@
+== 1.4.7
+
+* bug fix
+  * Fix backward incompatible change from 1.4.6 for those using custom controllers
+
 == 1.4.6
 
 * enhancements
diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb
index 0c804e07..3aee5949 100644
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -1,6 +1,6 @@
 class Devise::SessionsController < ApplicationController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  before_filter :allow_params_authentication!, :only => :create
+  prepend_before_filter :allow_params_authentication!, :only => :create
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_in
diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb
index 8b84258a..95021f4a 100644
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -182,7 +182,6 @@ module ActionDispatch::Routing
       options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
       options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
       options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-
       @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
 
       resources.map!(&:to_sym)
diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb
index a84aa31e..b81d145c 100644
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -85,7 +85,17 @@ module Devise
 
       # By default, a request is valid  if the controller is allowed and the VERB is POST.
       def valid_request?
-        env["devise.allow_params_authentication"]
+        if env["devise.allow_params_authentication"]
+          true
+        elsif request.post? && mapping.controllers[:sessions] == params[:controller]
+          ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
+            "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
+            "\n\n  prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
+            "This will ensure your controller can authenticate from params for the create action.", caller
+          true
+        else
+          false
+        end
       end
 
       # If the request is valid, finally check if params_auth_hash returns a hash.