IE6 has a privacy setting that prevents "3rd party cookies", which are defined as cookies that don't belong to the site originally called. For example, if your site is contained in frames and the URL of the frameset document has a different server name than the individual frames, then cookies are disabled. Note that server names and paths are case sensitive as far as cookies are concerned, so even a capitalization discrepancy can cause this problem.
The way to get around this problem is to use a compact P3P policy -- an HTTP header containing an abbreviated version of a full P3P policy, which is an XML document.
For information on P3P policies and how to create them, check out the following sites:
General information on P3P:
Microsoft information on IE6 and cookies/privacy:
Sent by Gregg Barfield on 06/25/2002 10:01:06 AM:
I put my site into frames and now the auth object doesn't work in IE6. It acts as if it cannot find the password in the database (as if it doesn't exist). Has anyone heard of this problem? I am guessing it may be a config setting in IE6.