After running into trouble trying to use ApacheBench over SSL, I went ahead and gave Siege a try. Initially, I was very impressed as it handles SSL well and has some cool features that ab doesn't.

I didn't have any trouble getting it to work as an authenticated user using the -H flag to set the "Cookie" header, but I recently discovered that you can also provide a "login url" in your siegerc. This sounded great since that allows me to take one more bit of logic out of my wrapper script, but I couldn't get it to work.

After playing with the source a bit, I found a couple things.

First, in main.c, I found a hidden flag:

Using the -D flag will print out all request and response headers. Very helpful!

This illuminated that fact that although every response had a Set Cookie, no Cookie header was being sent back in the requests.