Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

{% load url from future %}
{% load bio_tags %}
{% if avatar_url %}
<a href="{% url 'bio-view_profile' username=user.name %}">
<img src="{{ avatar_url }}" alt="{{ user.name }}" style="float:left;margin-right:3px;" /></a>
{% endif %}
{% profile_link user.name %}:<br />
{{ user.message|safe }}