I'd set the right path using the -path key when creating the cookie to be sure it is being set to the right value. See the doc for how to do so.

In any case, it sounds like your problems could be more than solved by using HTTP's Basic auth for securing the directory you wish.

Update I'll assume that my $cookie = $query->cookie(-name=>'cookie', -value=>'hello', -domain=>'www.cis$ isn't the actual line in use, otherwise I would not expect it to work at all.