Check RFC 6265 HTTP State Management Mechanism, 5.1.4. Paths and Path-Match:
A request-path path-matches a given cookie-path if at least one of
the following conditions holds:
o The cookie-path and the request-path are identical.
o The cookie-path is a prefix of the request-path, and the last
character of the cookie-path is %x2F ("/").
o The cookie-path is a prefix of the request-path, and the first
character of the request-path that is not included in the cookie-
path is a %x2F ("/") character.
It does not mention any wildcard handling, so it’s not possible to use wildcards in the path.