I don't know if this would help for someone to diagnose the problem; but here it is. I am running to the same problem: can not login via the internet. The funny thing is this: I can login through my internal network just fine, but from outside, no one can login. After a several hours of debug, here are what I find:
- The cookie "wordpressuser_xxxxx" is set correctly, however the "wordpresspass_xxxxx" is missing in the $_COOKIE, thus it will failed in the "auth.php".
Now, if I flipped the "setcookie", let it set the wordpresspass_xxx first, then the wordpressuser_xxxx later, then the "wordpressuser_xxxx" now missing from the $_COOKIE. My suspect is that this is may be a timing issue, since the "setcookie" is done, and then followed by the redirect "header", thus the browser missed one of the "setcookie" ? Any taker?