This is actually something that I work on with my team here at Pantheon through our Advanced CDN. We can use Advanced CDN in front of your site to maintain all of the advantages of the Global CDN layer, but with more advanced features. In fact depending on how the cookies are verified, it’s possible that the authentication layer could be moved entirely to the edge. If not, we could re-write the keys into a pattern that works with Global CDN, or we could add a custom header that your application checks for instead of the cookie. You account rep can get you more details if that’s a route that would make sense for your client.
Alternatives to ACDN would be to use Apache or Nginx to proxy traffic and modify the cookies.
Outside of those two options I can’t think of any other ways around this.
Hope that helps!