I have the solution to this problem. To use cookies (or sessions) with an iframe and IE, you need a compact P3P policy header. The solution and explanation can be found here: http://www.aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx
Make sure to read the entire article and my comment (Robert Giordano) at the end. There were a couple of things that were not obvious to me but in the end, it all works!
