Bassam,
indeed the http info will be encrypted and so the CSM can't decode it and can't see the cookie.
You can use an ssl module to decrypt the traffic and send it back to the CSM.
Or you have to use the only alternative which is sticky based on source ip.
Gilles.