Hmm...if it works for logged in users it probably isn't a cookie issue. I was looking through the code to see why it would print a login page, and it looks like if you pass a forum or thread id to the script (or use parameters 'f' or 't' for something), it could decide that the user has no permission. Is there any error message being displayed before it goes to the login page?
You might try temporarily creating a plugin using hook header_redirect with code somethign like this:
Code:
debug_print_backtrace();
die("<BR/>Exiting from header_redirect plugin.");
and that let you figure out where the redirect is being called from.