In the remote editor, in the variable tab do you have %username and %password set? Originally my comments were missing the % in the set commands.
I have not seen you post anything with the csrf token, this may indicate json-for-mirc is not working. You have "JSON For Mirc.js" in the same folder as the mrc script? Can you enter this and reply with the response?
//echo -ag $jsonversion :: $cod.token
But the script is working. The cookie regex is fine, it's global //g and I loop over the set-cookie values to include them in the next request. SReject is looking into changing json-for-mirc to disable redirects. I have made this change locally and can now skip my custom sockets in lieu of an entire json-for-mirc approach.