Work-around?
This is just my 2 cents, but I would be inclined to think that once the SSL session has been established, it would be easier to simply issue a new session ID. So long as it is transmitted within the SSL session, it is safe from interception (unless the SSL session itself is compromised, in which case session hijacking is the least of your worries). Granted, there is still a window during which the cookie is vulnerable, but it is significantly shortened.
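Added example, not part of the original comment: a minimal sketch of the rotation described above, where the first request that arrives inside TLS gets a fresh session ID, the old ID is invalidated, and the new cookie carries the `Secure` attribute. `SessionStore`, `handle_request`, the cookie name `sid` and the `tls_bound` flag are hypothetical names chosen for this illustration.

```python
import secrets

class SessionStore:
    """In-memory session table keyed by session ID (constructed for this example)."""
    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, old_sid):
        """Move the session data to a fresh ID and invalidate the old one."""
        data = self._sessions.pop(old_sid, None)
        if data is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

def cookie_header(sid, secure):
    # Secure keeps the browser from ever sending this cookie over plain HTTP.
    attrs = ["sid=" + sid, "Path=/", "HttpOnly", "SameSite=Lax"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)

def handle_request(store, cookie_sid, is_tls):
    """Return (session_id, Set-Cookie value or None) for one request."""
    session = store.get(cookie_sid) if cookie_sid else None
    if session is not None and session["tls_bound"] and not is_tls:
        session = None  # TLS-bound ID presented in cleartext: do not honour it
    if session is None:
        sid = store.create({"tls_bound": is_tls})
        return sid, cookie_header(sid, is_tls)
    if is_tls and not session["tls_bound"]:
        # First request inside TLS: the old ID may have crossed the wire in
        # cleartext, so replace it and send the new one only over TLS.
        sid = store.rotate(cookie_sid)
        store.get(sid)["tls_bound"] = True
        return sid, cookie_header(sid, True)
    return cookie_sid, None
```

Until the first TLS request arrives, the pre-TLS ID is still the live one, so nothing sensitive should be attached to the session before rotation.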