There is a bug (or "design feature") in IE that will try to do an NTLM reauthentication when POSTing data. The POST also has a Content-Length: 0 http header.
For more information on the IE6 behaviour, please see http://www.websina.com/bugzero/kb/browser-ie.html
We had some code in there to work around this issue but is for some reason broken. We will supply an update for you to test - let us know how you go.