Internet Explorer 9 and Chrome don't handle set-cookie headers

I am testing my website which works fine with Iron, Firefox and Opera, now using Internet Explorer 9, and Chrome. It sets two important cookies in every browser, except for IE9 and Chrome. It seems the set-cookie headers are ignored by these browsers. Until I lowered s开发者_JAVA技巧ecurity and privacy settings, Facebook's cookies were missing too in Internet Explorer (except for cookies from skype.com, there weren't any cookies at all inside IE).

The cookies are set for the domain modern-iq.appspot.com (the alpha version of this project is accessible at http://modern-iq.appspot.com). It doesn't contain underscores and it looks standard-compliant to me.

Independent of the actual path, I always choose "/" for my cookies. The domain is always modern-iq.appspot.com (no cross-domain cookies). There are no iframes.

UPDATE: I did the following tests:

work

• Iron 12.0.750.0 (88853) on Ubuntu (64-bit): cookies work
• Firefox 6.0 on Ubuntu (64-bit): cookies work
• Firefox 3.6.13 on Windows XP: cookies work
• Firefox (unknown version) on Windows 7: cookies work

don't work

• Internet Explorer 9 on Windows 7: cookies don't work
• Chrome 13.0.782.112 m on Windows XP: cookies don't work

UPDATE: Request logs of failing Chrome and working Iron:

• requestlog-chrome.har (cookies ignored)
• requestlog-chrome.txt (cookies ignored)
• requestlog-iron.har (cookies kept)
• requestlog-iron.txt (cookies kept)

The questionable cookies are fb_user and fb_access_token at the end of the request chain.

set_cookie calls (Python):

set_cookie(self.response, FACEBOOK_USER_COOKIE_NAME, str(profile["id"]), domain='modern-iq.appspot.com',
                   expires=time.time() + COOKIE_EXPIRY_SPAN) #30 * 86400)
set_cookie(self.response, FACEBOOK_ACCESS_TOKEN_COOKIE_NAME, str(access_token), domain='modern-iq.appspot.com',
                   expires=time.time() + COOKIE_EXPIRY_SPAN) #30 * 86400)

set_cookie (Python):

def set_cookie(response, name, value, domain=None, path="/", expires=None):
    """Generates and signs a cookie for the give name/value"""
    for domain in domain, : #'localhost':
        logging.info('DOING COOKIE OF DOMAIN '+repr(domain)+'...')
        timestamp = str(int(time.time()))
        value = base64.b64encode(value)
        signature = cookie_signature(value, timestamp)
        cookie = Cookie.BaseCookie()
        cookie[name] = "|".join([value, timestamp, signature])
        cookie[name]["path"] = path
        if domain: cookie[name]["domain"] = domain
        if expires:
            cookie[name]["expires"] = email.utils.formatdate(
                expires, localtime=False, usegmt=True)
        response.headers._headers.append(("Set-Cookie", cookie.output()[12:]))

You need to set a P3P header that reflects the privacy policies related to the cookie. http://blogs.msdn.com/b/ieinternals/archive/2010/06/05/understanding-internet-explorer-cookie-controls.aspx