Yes IE6 drops cookies, and it's by design. Last I checked IE6 had about 20% of the web, and that's how many people are blocking most cookies by default. This is scary if your site depends on cookies. It doesn't appear to affect cookies set by JavaScript, although I haven't done enough testing to confirm this.

I had an interesting time with this some months ago. IE6 is the first browser to have any implementation of the Platform for Privacy Preferences (P3P). In short, it's a machine-readable privacy policy implemented by a web site owner and placed on the site for browsers and other UAs to read. You can setup your UA to allow or deny certain actions by the site depending on their policies.

Microsoft only implements part of the spec (surprise, surprise), although their documentation is pretty good. To set a cookie in IE6, therefore, you need to send a Compact Privacy Policy with your cookie. IE6 will read it and decide whether or not your cookie is acceptable. Our policy looks like this:

    CP="NON DSP COR IND PHY ONL PUR COM INT STA CUR OUR"
[download]

There are a few tools that will help you build a policy, but they're first-generation and complicated. IBM has one that's free. There are other reference sites that might help, like P3PToolbox: these folks have a good list of policy generators.

Sadly, Microsoft has thrown a few dirty flies in the ointment. IE6 does not strictly follow the W3C specification, nor does it comply with Microsoft's own documentation. I've checked this and it's true. The first policy I generated was syntactically valid and conformed to IE6's "acceptable" list, but it was rejected. Microsoft requires you to list the tokens in a specific order for IE6 to accept the policy. The guy who discovered this (or publicized it anyway) has a good online validator for compact policies.

If you can get one of the tools to work for you - great. I decided to read the spec and come up with my own rather than learn a tool, and it works nicely. Good luck.