Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

.poll-form {
    padding-bottom: 1em;
}
.poll-form ul {
    list-style: none;
    padding-bottom: 0.5em;
}
.poll-form li {
    padding: 0.5em 0 0.5em 0.5em;
}
dl.poll-result {
    width: 80%;
}