Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

{% load core_tags %}
<p>
<span class="shoutbox-user">{{ shout.user.username }}:</span>
<span class="shoutbox-shout">{{ shout.html|safe }}</span><br />
<span class="shoutbox-date">{{ shout.shout_date|elapsed }}</span>
</p>