IIS will not issue Cookies on a redirect when PHP is run as CGI:
http://support.microsoft.com/kb/q176113/
This makes it impossible to login.
Other webapps seem to have workarounds:
http://google.com/codesearch?q=q176113
Until this problem is solved, PHP needs to be run as ISAPI module instead.