That's a tough one. I have the same problem occasionally. If they can't get the cookie to set, they can't visit your site.

I do it with ASP, which also requires a session cookie to maintain state.

Have you tried to manually "allow" your site in some of the browsers? That helped me a few times.

Have you tried outputting a P3P privacy header when you set the cookie?

Recent IE versions have started dropping some cookies sent without a P3P privacy policy in place. I think the embedded browser in AOL these days is IE 5.5 or IE 6.

Anyhow, putting a P3P privacy header in place solved all cookie issues for my site, both IE and AOL. Try googling around for P3P. Constructing the header isn't exactly straightforward, I'd suggest finding some software to build it for you. I used the P3P software from IBM, but there are probably more choices.

Once you've got the header, outputting it in php is as simple as adding a

header('P3P: your p3p header values...');

line where you're already sending the cookie.

P3P is becoming a serious issue due to widespread usage of IE6 - note that it might affect not just AOL users but also people who receive email on their HoTMaiL account (20-25% of subscribers in typical B2C list in the UK) - due to annoying frame design for click-outs sites without P3P policy (XML file) and (I believe) additional P3P compact policy in HTTP headers are at risk of being disabled if they rely on cookies.

Internet Explorer only reads the compact policy header for cookie decisions. Microsoft has a decent FAQ on the matter, Google for "explorer compact policy header".

I spent a decent amount of time agonizing over the wording on the descriptive sections of my XML policy file, but it has never been downloaded. Oh well. :)

We had the same problem in one our sites for Hotmail users, but using the trick in the following thread, we put a code to remove the Hotmail Frame and we got no complain anymore.

MSN/Hotmail email link redirects and frames
[webmasterworld.com ]