I was wondering how we can leverage Apex to interact with a web service that requires session state (ie, cookies) to be preserved in order to issue further API calls.

I thought simply reusing the HTTP object would do this, but apparently not.  Here's what I have:

string endpoint = 'https://somesite.com/api'; string user = 'someuser'; string pwd = 'somepassword'; //set up the http object to be reused http ohttp = new http(); //set up the first request httprequest oReq1 = new httprequest(); oReq1.setendpoint(endpoint + 'login.aspx?user=' + user + '&pwd=' + pwd); oReq1.setmethod('GET'); httpresponse loginresponse = ohttp.send(oReq1); //set up the second request httprequest oReq2 = new httprequest(); oReq2.setendpoint(endpoint + 'secondapicall.aspx'); oReq2.setmethod('GET'); //this one fails because the session state is not preserved from the first call httprespons secondresponse = ohttp.send(oReq2);