diff --git a/auth_brute_force/controllers/controllers.py b/auth_brute_force/controllers/controllers.py
index 05dc8831b..f752eee95 100644
--- a/auth_brute_force/controllers/controllers.py
+++ b/auth_brute_force/controllers/controllers.py
@@ -32,7 +32,6 @@ _logger = logging.getLogger(__name__)
 class LoginController(Home):
     @http.route()
     def web_login(self, redirect=None, **kw):
-
         if request.httprequest.method == 'POST':
             ensure_db()
             remote = request.httprequest.remote_addr
@@ -45,11 +44,10 @@ class LoginController(Home):
             cursor = attempt_obj.pool.cursor()
 
             # Get Settings
-            config_id = config_obj.search(cursor, SUPERUSER_ID, [(
-                'key', '=',
-                'auth_brute_force.max_attempt_qty')])
-            max_attempts_qty = int(config_obj.browse(
-                cursor, SUPERUSER_ID, config_id).value)
+            max_attempts_qty = int(config_obj.search_read(
+                cursor, SUPERUSER_ID,
+                [('key', '=', 'auth_brute_force.max_attempt_qty')],
+                ['value'])[0]['value'])
 
             # Test if remote user is banned
             banned = banned_remote_obj.search(cursor, SUPERUSER_ID, [
@@ -69,6 +67,7 @@ class LoginController(Home):
                     request.params['password'])
 
             # Log attempt
+            cursor.commit()
             attempt_obj.create(cursor, SUPERUSER_ID, {
                 'attempt_date': fields.Datetime.now(),
                 'login': request.params['login'],