Regardless of privacy settings, ZoneAlarm will always rejects cookies
when using localhost. Something that is not very developer friendly.
The work-around is to use 127.0.0.1 instead.
you are using Visual Studio, you can set whether to use IIS and have
the starting url to use 127.0.0.1. At least that how it works for
ASP.NET 2.0 Web Application Projects; there might be small differences
for Web Site Projects and older ASP.NET 1.1/VS2003; I couldn't verify
for other project types for now but just post to post on this issue.
Here's the thread where this information was taken from