by terminating ssl on the css, you could use cookie stickyness which is independent of the ip address.
This would solve your problem for sure.
Without the SSL module, you don't have much option.
If you can't use IP address, you also can't use TCP ports, so the only thing left is the SSL ID.
You could 'advanced-balance ssl' with 'application ssl'.
However, IE browsers are known to change frequently the SSLID even during a single session.
So, by using this optin, you may fix the problem of this particular client but create more issues with other customer.
Unfortunately that's the only choices available.
Gilles.