diff --git a/servant-auth-server/README.lhs b/servant-auth-server/README.lhs
index 9dba4ac..5825318 100644
--- a/servant-auth-server/README.lhs
+++ b/servant-auth-server/README.lhs
@@ -249,15 +249,14 @@ reading the cookie. For jQuery, and with the default values, that might be:
 
 ~~~ javascript
 
-var token = (function() {
+var getXSRFToken = function() {
   r = document.cookie.match(new RegExp('XSRF-TOKEN=([^;]+)'))
   if (r) return r[1];
-})();
-
+};
 
 $.ajaxPrefilter(function(opts, origOpts, xhr) {
-  xhr.setRequestHeader('X-XSRF-TOKEN', token);
-  }
+  xhr.setRequestHeader('X-XSRF-TOKEN', getXSRFToken());
+});
 
 ~~~