Multiple cookies in header only offering one

Full disclosure I cut back the model to the relevant parts that show how I've been trying to access the cookies.

I guess it might be more helpful if I explain my full use case and share some logs. I'm calling a API that requires getting an auth token with a first call and using a session cookie. So perhaps my question is simple, how do I accept a cookie in and have it persist for the second call where the actual work happens? I was trying to read the cookie from the first response header and set it in the second request header - this works in straight guzzle but as noted above, I'm not able to (or don't know how) access all the cookies using a response model.

Here's my anonymized debug log.

*   Trying x.x.x.x:44300...
* Connected to my-example.com (x.x.x.x) port 44300 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=my-example.com
*  start date: Mar 12 00:00:00 2023 GMT
*  expire date: Feb  9 23:59:59 2024 GMT
*  subjectAltName: host "my-example.com" matched cert's "my-example.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=RapidSSL TLS RSA CA G1
*  SSL certificate verify ok.
> GET /my/example/path HTTP/1.1
Host: my-example.com:44300
User-Agent: GuzzleHttp/6.5.5 curl/7.74.0 PHP/8.1.8
Authorization: Basic YXBpdGVzdDpkYXJ0bW91dGg5OQ==
Accept: application/json
Content-Type: application/json
X-CSRF-Token: Fetch
Cache-control: no-cache

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< set-cookie: sap-usercontext=sap-client=200; path=/
< set-cookie: SAP_SESSIONID_G4D_200=WgR_NXWhmU2bmm0wXZ-esUUUzKMNAxHumh8A2GHKkLs%3d; path=/; HttpOnly
< content-type: application/json; charset=utf-8
< content-length: 20
< x-csrf-token: 3y9jdVCjxiApSCodboEwkA==
< sap-metadata-last-modified: Tue, 13 Jun 2023 19:04:37 GMT
< cache-control: no-store, no-cache
< dataserviceversion: 2.0
< sap-processing-info: ODataBEP=,crp=,RAL=,st=X,MedCacheHub=SHM,MedCacheBEP=SHM,codeployed=X,softstate=
< sap-server: true
< sap-perf-fesrec: 51745.000000
< 
* Connection #0 to host my-example.com left intact
* Found bundle for host my-example.com: 0xaaaaf5c6d800 [serially]
* Re-using existing connection! (#0) with host my-example.com
* Connected to my-example.com (203.51.48.177) port 44300 (#0)
> POST /my/example/path HTTP/1.1
Host: my-example.com:44300
User-Agent: GuzzleHttp/6.5.5 curl/7.74.0 PHP/8.1.8
Authorization: Basic YXBpdGVzdDpkYXJ0bW91dGg5OQ==
Accept: application/json
Content-Type: application/json
x-csrf-token: 3y9jdVCjxiApSCodboEwkA==
Content-Length: 270

* upload completely sent off: 270 out of 270 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< set-cookie: sap-usercontext=sap-client=200; path=/
< set-cookie: SAP_SESSIONID_G4D_200=O1IV5M1EjXOrhi-eVMpE-XbBCtcNAxHumk0A2GHKkLs%3d; path=/; HttpOnly
< content-type: text/plain; charset=utf-8
< content-length: 28
< x-csrf-token: Required
< sap-processing-info: ODataBEP=,crp=,RAL=,st=,MedCacheHub=,codeployed=X,softstate=
< sap-server: true
< sap-perf-fesrec: 33316.000000
< 
* Connection #0 to host my-example.com left intact

Hi @redsky,
you should use the Handler Stack as described here: https://www.drupal.org/docs/8/modules/http-client-manager/the-handler-stack →
Use the handler stack to perform your first request and set the cookie you'll later use on your second request.

Regards,
aronne