It was a red-herring, please ignore it. The issue was that cookie URL set had a www while the page where I was trying to access it had the domain name without www, hence the browser was not sending the right headers in GET. My bad.
One little update. I checked the cookies and I am seeing 3 cookies set for the user. Including the logged_in cookie, which expires 14 days from now. But still for some reason I am not getting logged in from another/same browser window.
Thanks
