There’s nothing wrong with the function, it’s the fact that you aren’t actually being logged in!
You say you’re making your own login form? Does this post to the standard wp-login.php
, or do you handle the request yourself?
Does the path/domain of the form differ from WordPress? If you inspect your cookies, are any being set?