diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index b5b86be615e9dab116376feea20f2c6137f574b3..7be4e2c365627f68416ab582d12849e4a00186ad 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -148,7 +148,6 @@ function process_login_request(app $app, &$error, $conf, $module)
 				$_SESSION['otp']['session_attempts'] = 0;
 				$_SESSION['otp']['type'] = $user['otp_type'];
 				$_SESSION['otp']['data'] = $user['otp_data'];
-				$_SESSION['otp']['recovery'] = $user['otp_recovery'];
 
 				//* Redirect to otp script
 				header('Location: otp.php');
diff --git a/interface/web/login/otp.php b/interface/web/login/otp.php
index 44f3d2fed2f548e4deef80a142f896e12665fafc..8312d6dc533a731d35b389e94e650fc020671752 100644
--- a/interface/web/login/otp.php
+++ b/interface/web/login/otp.php
@@ -76,10 +76,10 @@ function finish_2fa_success($msg = '') {
 }
 
 //* Handle recovery code
-if(isset($_POST['code']) && strlen($_POST['code']) == $otp_recovery_code_length && $_SESSION['otp']['recovery']) {
+if(isset($_POST['code']) && strlen($_POST['code']) == $otp_recovery_code_length) {
 	//* TODO Recovery code handling
 
-	$user = $app->db->queryOneRecord('SELECT otp_attempts FROM sys_user WHERE userid = ?',$_SESSION['s_pending']['user']['userid']);
+	$user = $app->db->queryOneRecord('SELECT otp_attempts, otp_recovery FROM sys_user WHERE userid = ?',$_SESSION['s_pending']['user']['userid']);
 
 	//* We allow one more try to enter recovery code
 	if($user['otp_attempts'] > $max_global_code_retry + 1) {