I assume you mean the forums. We switched on the "force https" option in Discourse which forces the login cookie to be marked "secure." Since the hidden service is plain HTTP, this cookie wouldn't get set, and you wouldn't get logged in. I turned off the "force https," and confirmed you can log in from the HS. @Patrick, @Ego, Are you ok with keeping this off? I know that the emails generated by discourse will have HTTP links, but we have hard-redirects in place server-side to prevent people from browsing it over HTTP (unless they are using the HS).
As for the phabricator issue, forcing the .onion with HTTPS Everywhere will solve that issue for you. You can tweak the rule to only force on phabricator if you so desire.