are you seeing this error on the 'login page' or the my 'account page'
my guess is that since you are returning @user as true/false, your
authenticate is not working correctly, and is returning false, so the
login form gets redisplayed, which is expecting @user to be a valid
User object so it can populate the forms.
I could be more certain if i was able to see your entire controller
method (login?) and your login view.