Hello,
It looks like you have a case open with support on this. I'd suggest working with them and then posting the results here once you guys figure it out.
The current behavior you're seeing is expected: if you are using an HTTP class to filter requests which contain the cookie and App Security is disabled on the class, every request with that cookie will be sent directly to the pool.
The ability to define a modified domain cookie using a regular expression has been requested in CR47126. I've attached your case to the request to have this feature built in a future version.
There are a few options for how to work around this in 9.2.3. I think it would be good to work with support to determine the best approach.
Thanks,
Aaron