Are you accessing the CGI script with HTTPS? If not, -secure => 1 will prevent the browser from sending it.

Also, you can (and should) debug all the steps that the cookie takes. For example with firebug (a firefox extension), you can see the whole HTTP response, including headers. Is the Set-Cookie line like you'd expect it?

If yes, next step: in the browser, list all cookies for your domain. Is it there?

If yes, next step: initiate another HTTP request from the browser, inspect the HTTP request. Is the cookie in there?

If you can answer all of those questions with "yes", you know that you have a problem with reading the cookie. Otherwise it's a problem with setting the cookie (or possibly a step inbetween).