are you seeing this error on the 'login page' or the my 'account page'
my guess is that since you are returning @user as true/false, your authenticate is not working correctly, and is returning false, so the login form gets redisplayed, which is expecting @user to be a valid User object so it can populate the forms.
I could be more certain if i was able to see your entire controller method (login?) and your login view.
