Had an issue come up today with a site that offers the service to pull in data to your site using an iframe. Apparently IE has a security feature where it does not accept sessions from external sites using iframe. Sounds great, but the way to make it work is to simply send a header with the request.
header('P3P: CP="CAO PSA OUR"');
So how does this add security? Find more info here.