Thanks for the reply but I tried all that and verified no site/cookies/exceptions exist for this site.
In Firefox 3:
Tools->options->privacy->show cookies... (remove cookies) (remove all cookies).
From here i can see exactly what's happening with cookies as you go to an OpenACS site...
It sets ad_session_id as you go to login page and after login it sets ad_user_login and if its secure sets ad_user_login_secure and ad_secure_token
When I go to site no attempt to write any cookie is made (i have "ask me every time" option set in Tools->options->privacy in FF).
IE7 doesn't really show what's happening as easily but it also doesn't work so doesn't appear to be browser issue.