Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

{% extends 'base.html' %}
{% load url from future %}
{% block title %}Password Reset Complete{% endblock %}
{% block content %}
<h2>Password Reset Complete</h2>
<p>
Your password has been successfully changed. You may now <a href="{% url 'accounts-login' %}">login</a>.
</p>
{% endblock %}