diff --git a/src/js/client.js b/src/js/client.js
index 059a3053b..1c417d8bb 100644
--- a/src/js/client.js
+++ b/src/js/client.js
@@ -1703,13 +1703,13 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
 window.location.href = this.apiOrigin + '/api/v1/oauth/dialog/authorize?response_type=token&client_id=' + this._clientId + '&redirect_uri=' + callbackURL + '&scope=' + scope + '&state=' + state;
 };
- Client.prototype.logout = function () {
+ Client.prototype.logout = function (allSessions) {
 this.setToken(null);
 this._userInfo = {};
 // logout from OAuth session
 var origin = window.location.protocol + '//' + window.location.host;
- window.location.href = this.apiOrigin + '/api/v1/session/logout?redirect=' + origin;
+ window.location.href = this.apiOrigin + '/api/v1/session/logout?redirect=' + origin + (allSessions ? '&all=true' : '');
 };
 // this is ununsed because webadmin uses implicit grant flow
diff --git a/src/views/profile.js b/src/views/profile.js
index 52ac20c9d..0c53a685a 100644
--- a/src/views/profile.js
+++ b/src/views/profile.js
@@ -309,7 +309,7 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat
 asyncForEach($scope.activeClients.filter(function (c) { return c.id !== 'cid-webadmin'; }), revokeTokensByClient, function () {
 // WARNING keep in sync with clients.js in box code
 revokeTokensByClient('cid-webadmin', function () {
- Client.logout(); // this destroys the OAuth session
+ Client.logout(true /* destroy all OAuth sessions for this user */);
 });
 });
 };
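Review bot: In `src/js/client.js`, the new `window.location.href` line still appends `origin` to `redirect=` unencoded, so the added `&all=true` only stays a separate parameter while `origin` contains no `&` or `#`. Writing it as `'/api/v1/session/logout?redirect=' + encodeURIComponent(origin) + (allSessions ? '&all=true' : '')` removes that dependency, assuming the server decodes the parameter in the usual way. Because logout is a plain GET navigation, the new flag also widens what one cross-site request to this URL can do, from ending one session to ending all of them. The server handler is not in this diff, so it is worth confirming that it validates `redirect` against known origins and that accepting `all=true` without a CSRF check is intended. A one-line comment above the function, such as `// allSessions: when truthy, ask the server to destroy every OAuth session of this user`, would document the new parameter.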
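Review bot: In `src/views/profile.js`, both callbacks around the changed `Client.logout(true ...)` call are declared as `function ()` with no error argument, so a failed token revocation would go unnoticed and the user would still be logged out of every session. Some tokens could then remain valid even though the UI suggests everything was revoked. `revokeTokensByClient` and the enclosing handler are defined outside this hunk, so whether they pass an error is an assumption to confirm. If they do, consider `revokeTokensByClient('cid-webadmin', function (error) { if (error) console.error(error); Client.logout(true); });`, or surface the failure to the user before redirecting.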