Django 1.5.1 login_required decorator not catching unauthenticated users

Django 1.5.1 login_required decorator not catching unauthenticated users

I have a very typical view/login_required decorator implementation, and
it's been reported to me that sometimes as often as twice a day, the QA
team will run across this error:
ERROR: AttributeError at /plan/reviewplan/1702/ 'WSGIRequest' object has no
attribute 'user' Request Method: GET Request URL:
http://<ip>/plan/reviewplan/1702/ Django Version: 1.5.1
Traceback: File
"/usr/lib/pymodules/python2.6/django/core/handlers/base.py" in
get_response 187.
response = middleware_method(request, response)
File
"/usr/local/lib/python2.6/dist-packages/debug_toolbar/panels/template.py"
in process_response 118. pformat(k(self.request))) for k in
get_standard_processors()
File "/opt/ion/iondb/rundb/context_processors.py" in
base_context_processor 25.
if request.user: Exception Type: AttributeError at /plan/reviewplan/1702/
Exception Value: 'WSGIRequest' object has no attribute 'user'
I checked and the view does in fact have a login_required decorator. It's
also been reported on other views which are decorated with login_required
as well.
The return on the views is:
return render_to_response("template.html", context_instance=ctx,
mimetype="text/html")
FYI: The ctx instance is stored in the session, and often updated between
view calls. I inherited this design and I can't do anything about it. The
function that handles this is:
def _create_context_from_session(request, next_step_name):
ctxd = request.session['saved_plan']
ctxd['helper'] = request.session['plan_step_helper']
ctxd['step'] = None
if next_step_name in ctxd['helper'].steps:
ctxd['step'] = ctxd['helper'].steps[next_step_name]
context = RequestContext(request, ctxd)
return context