are there circumstances where a cookie gets removed by the load balancer?

should not. passthrough = no ssl profiles on the BIGIP? Then no way it could remove a cookie... the BIGIP do not decrypt SSL in that case and cannot "see" any HTTP passing through.

Maybe your issue is that the backend sets a domain for the cookie and it doesn't corresponds to the URL in client's browser. I suggest a HTTP trace in your browser to see what cookie the app is setting.