diff --git a/ckanext/security/model.py b/ckanext/security/model.py
index 8f5344b..cc90baa 100644
--- a/ckanext/security/model.py
+++ b/ckanext/security/model.py
@@ -10,7 +10,7 @@
 from ckan.model import DomainObject, User
 from ckan.model.meta import metadata, mapper
 from ckan.plugins import toolkit
-from sqlalchemy import Table, Column, types
+from sqlalchemy import Table, Column, types, inspect
 
 log = logging.getLogger(__name__)
 user_security_totp = None
@@ -20,14 +20,17 @@ def db_setup():
     if user_security_totp is None:
         define_security_tables()
 
-    if not model.package_table.exists():
-        log.critical("Exiting: can not migrate security model \
-if the database does not exist yet")
+    db_engine = model.meta.engine
+    inspector = inspect(db_engine)
+
+    if not inspector.has_table('package'):
+        log.critical("Exiting: can not migrate security model "
+                     "if the database does not exist yet")
         sys.exit(1)
         return
 
-    if not user_security_totp.exists():
-        user_security_totp.create()
+    if not inspector.has_table('user_security_totp'):
+        user_security_totp.create(db_engine)
         print("Created security TOTP table")
     else:
         print("Security TOTP table already exists -- skipping")
diff --git a/ckanext/security/plugin/flask_plugin.py b/ckanext/security/plugin/flask_plugin.py
index 8a59a0b..1678624 100644
--- a/ckanext/security/plugin/flask_plugin.py
+++ b/ckanext/security/plugin/flask_plugin.py
@@ -30,4 +30,8 @@ def authenticate(self, identity):
 
     # Delete session cookie information
     def logout(self):
-        session.invalidate()
+        # Beaker session (CKAN < 2.11) uses invalidate(); Flask-Session uses clear()
+        if hasattr(session, 'invalidate'):
+            session.invalidate()
+        else:
+            session.clear()
diff --git a/ckanext/security/templates/user/edit_user_form.html b/ckanext/security/templates/user/edit_user_form.html
index 6f2a017..43f2eb4 100644
--- a/ckanext/security/templates/user/edit_user_form.html
+++ b/ckanext/security/templates/user/edit_user_form.html
@@ -11,7 +11,7 @@
 {% if h.security_enable_totp() %}
   <fieldset>
     <legend>{{_('Two factor authentication')}}</legend>
-    {% link_for _('Manage two factor authentication'), controller='mfa_user', action='configure_mfa', id=data.id, class_='btn btn-default pull-left', icon='cog' %}
+    {% link_for _('Manage two factor authentication'), controller='mfa_user', action='configure_mfa', id=data.id, class_='btn btn-secondary float-start', icon='cog' %}
   </fieldset>
 {% endif %}
 
diff --git a/requirements.txt b/requirements.txt
index 4a991ac..25a0967 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,10 @@
+# Required for CKAN < 2.11 (repoze.who-based auth)
 Beaker~=1.11.0
 beaker-redis~=1.1.0
-pyotp~=2.6.0
-python-magic~=0.4.24
-redis~=4.1
 repoze.who~=2.4
 git+https://github.com/akissa/repoze.who-use_beaker@780379fd58b10264c0756feb6d3f232f797ba0cb#egg=repoze.who-use_beaker
-six~=1.16.0
 WebOb~=1.8.7
+pyotp~=2.6.0
+python-magic~=0.4.24
+redis>=4.1
+six~=1.16.0