I wrote and Facebook app that uses sessions. I worked fine in my machine where I use mostly Firefox and Chrome. Suddenly I discovered that after resetting security settings to medium in IE 9 the app suddenly did not work anymore.
Each time I refreshed the new session key was created because requests did not send the cookies. Apparently IE decided to delete the cookies when I was running my Facebook app as page tab inside iFrame. Fortunately I have seen this before and immediately recognized the problem when I saw session key changing each request. It is called P3P headers that someone invented long ago but then understood that these are useless.
To fix it you need to add following line in your PHP code.
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
If you happen to use Laravel or other framework then add above code to Before filter.
See for other languages http://www.admon.org/how-to-implement-p3p-http-headers-for-cross-site-cookies/