1) You are getting the 503 error because you are attempting to use a FCGI handler with a the stock php binary that is compiled for LSAPI only.
2) Do a "echo phpinfo();" at the top of your authentication php page to see what cookies are actually received by php.
3) Seek the session class/function you are using to see if there is a SSL bit toggle.
4) Try settings output_buffering = 8192 in /opt/lsws/conf/php.ini. See if this helps.
The best way to check is to to make sure cookies are sent/received properly. Have one script set a cookie and the same or another to receive/echo it.
What it looks like if that the end user's browser is not receiving/storing the cookies.