набор httpCookies requireSSL к истинному на http не вызывает ошибок

No. What the setting does is that it sends the 'Secure' parameter when setting the cookie. After receiving a cookie with that parameter, the client should only send it back to the server when the connection used is secure.

That's is why the client is not sending back the cookie and you're not seeing it. Also, the server should not send set this type of cookie over an insecure connection.

See RFC-2109, section 4.2.2 for the explanation on how the 'Secure' attribute is used and interpreted.