diff --git a/client/src/api.js b/client/src/api.js
index 0a4d7a3..598017d 100644
--- a/client/src/api.js
+++ b/client/src/api.js
@@ -57,10 +57,10 @@ export async function handleLogout() {
   try {
     await fetch('/api/auth/logout', {
       method: 'POST',
-      headers: csrfToken ? { 'X-CSRF-Token': csrfToken } : {}
+      headers: state.csrfToken ? { 'X-CSRF-Token': state.csrfToken } : {}
     });
-    currentUser = null;
-    csrfToken = null;
+    state.currentUser = null;
+    state.csrfToken = null;
     return { success: true };
   } catch (err) {
     console.error('Logout failed:', err);
@@ -203,7 +203,7 @@ export async function enableSonarrWebhook() {
   try {
     const res = await fetch('/api/sonarr/notifications/sofarr-webhook', {
       method: 'POST',
-      headers: { 'X-CSRF-Token': csrfToken || '' }
+      headers: { 'X-CSRF-Token': state.csrfToken || '' }
     });
     if (!res.ok) throw new Error('Failed to enable');
     await fetchWebhookStatus();