tried the web UI from my iPhone. Safari (disabled cookies by default) does NOT work. Chrome (cookies enabled by default) does work.
enabling cookies on Safari fixes the problem.
when it doesnt work it says "bad username/password"
not sure why the system does not issue a warning - it simply fails stating bad 'username/password'. And it should be possible to carry the session on the URL as a fallback instead of a cookie.