According to the 2nd edition of the O'Reilly CGI book, if you set the path, the browser will only return the cookie for URLs below it.

If you set it for /secure, /secure/foo.cgi and /secure/bar.cgi will have access to it, but /insecure won't.

To test cookie setting, I usually tell my browser to warn me about every cookie being set. (They're usually stored in Temporary Internet Files under your profile under Win32, though.)