Darcie (and everyone else) - thanks so much for helping people out... I still seem to be having problems but I'm probably just being too dense to figure it out on my own. Incidentally, my ideal fix is to disable any sort of URL/domain/type checking altogether - this is hosted on an internal network anyway so there is zero public access. I imagine others might also benefit if there's some fix they can do to just allow always auto-login without having to go through a domain-check for the cookie to work.
I already have auto-login enabled.
My site is either accessed through
http://portal/bb or
http://portal.hjw.local/bb (people use both - do I have to pick one or the other for this to work?)
Cookie settings as I have them right now:
cookie domain: portal
cookie name: phpbb3_bb
cookie path: /bb/