we find out a bug in IE7 or above recently. If you use php session, you can run in firefox, google chrome but cannot never success in IE7 or above.
There are many topics discussing the same issue, for example adding p3p, change session.use_trans_sid, change timezone….however, there is one security issue in IE7 or above which let the above solution no longer working.
If the domain/sub-domain name contains an “underscore“, your session cookie will never be created….
sub_domain.domain.com the security issue from Microsoft (DNS section): http://support.microsoft.com/kb/909264