diff --git a/api/auth/login.cfm b/api/auth/login.cfm
index 7bcd638..7f4ed93 100644
--- a/api/auth/login.cfm
+++ b/api/auth/login.cfm
@@ -42,16 +42,16 @@ function normalizeUsername(required string u) {
   return x;
 }
 
-var data = readJsonBody();
-var username = structKeyExists(data, "username") ? normalizeUsername("" & data.username) : "";
-var password = structKeyExists(data, "password") ? ("" & data.password) : "";
+data = readJsonBody();
+username = structKeyExists(data, "username") ? normalizeUsername("" & data.username) : "";
+password = structKeyExists(data, "password") ? ("" & data.password) : "";
 
 if (!len(username) || !len(password)) {
   apiAbort({ "OK": false, "ERROR": "missing_fields" });
 }
 
 try {
-  var q = queryExecute(
+  q = queryExecute(
     "
       SELECT UserID, UserFirstName
       FROM Users
@@ -77,7 +77,7 @@ try {
     apiAbort({ "OK": false, "ERROR": "bad_credentials" });
   }
 
-  var token = replace(createUUID(), "-", "", "all");
+  token = replace(createUUID(), "-", "", "all");
 
   queryExecute(
     "INSERT INTO UserTokens (UserID, Token) VALUES (?, ?)",
@@ -89,7 +89,7 @@ try {
   );
 
   // Optional: also set session for browser tools
-  cflock timeout="15" throwontimeout="yes" type="exclusive" scope="session" {
+  lock timeout="15" throwontimeout="yes" type="exclusive" scope="session" {
     session.UserID = q.UserID;
   }
   request.UserID = q.UserID;