I cannot reproduce the issue with HttpOnly cookies, it all works fine.
My hunch is the misunderstanding of the secure cookie attribute. This means, that the client will send this cookie only via HTTPS. Since you are adding this to all cookies and the stickiness information is part of the session ID cookie, it will not be sent if you are testing over HTTP. A new session will be created every time, since you won't present your existing cookie. Try with "Header set Set-Cookie HttpOnly" instead or using HTTPS.
Silly me, that was exactly my problem. Thanks a lot!