I just tried it again with the same result. I'll try it again on a more generic host VM config like linode and report back. Is there some 'do not try at home' workaround to disable the cookie check so I can get past the login?
I can't give you a login to the one I just did because it's on a private network but I am trying again with a generic ubuntu linode host that will be publicly accessible. If I encounter the problem there too I'll PM you the details. Either way I will update with results.
Ok, I found the issue and it's not a bug. php.ini parameter variables_order needs to include "C" or $_COOKIE is empty. It is disabled by default on my system for a number of internal reasons. It might be something worth adding to install config checks but like you say @Brogan, it's pretty rare to have this configuration out in the wild.