diff --git a/lib/auth.js b/lib/auth.js
index 1186358..aea7ad1 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -22,29 +22,24 @@ function parseXauth( buf )
               0: 'Internet', 
               1: 'DECnet', 
               2: 'Chaos',
- 	     5: 'ServerInterpreted', 
+              5: 'ServerInterpreted', 
               6: 'InternetV6'
         };
+        var cookieFields = [
+            'address',
+            'display',
+            'authName',
+            'authData'
+        ];
         cookie.type = buf.unpack('n')[0];
         offset += 2;
-        // TODO: rewrite following using loop (16bits length + string data)
-        var addressLen = buf.unpack('n', offset)[0];        
-        offset += 2;
-        cookie.address = buf.unpackString(addressLen, offset);
-        offset += addressLen;
-        var displayNumLen = buf.unpack('n', offset)[0];    
-        offset += 2;
-        cookie.display = buf.unpackString(displayNumLen, offset);
-        offset += displayNumLen;
-        var authNameLen = buf.unpack('n', offset)[0];
-        offset += 2;
-        cookie.authName = buf.unpackString(authNameLen, offset);
-        offset += authNameLen;
-        var authDataLen = buf.unpack('n', offset)[0];
-        offset += 2;
-        cookie.authData = buf.unpackString(authDataLen, offset);
-        offset += authDataLen;
-        auth.push(cookie);        
+        for (var i = 0; i < 4; i += 1) {
+            var length = buf.unpack('n', offset)[0];
+            offset += 2;
+            cookie[cookieFields[i]] = buf.unpackString(length, offset);
+            offset += length;
+        }
+        auth.push(cookie);
     }
     return auth;
 }
@@ -92,4 +87,4 @@ module.exports = function( display, host, cb )
         // throw 'No auth cookie matching display=' + display + ' and  host=' + host;
         cb( '', '' );            
     });       
-}
\ No newline at end of file
+};