Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

div.potd-details {
    text-align: center;
}
div.potd-details p.caption {
    font-weight: bold;
}
div.potd-details p.details {
    font-style: italic;
    font-size: smaller;
}