server that responds to command line client doesn't support use of HTTP cookies

We use GitLab with an external Shibboleth SSO. For other Shibboleth-protected services, we have written a script which will save a cookie that can be passed to cURL or any other cookie-aware client to access protected pages. For example, although we're encouraging people to migrate to GitLab, we still serve repositories with git-http-backend and the git client configured to authenticate with a cookie:

[http]
	saveCookies = true
	cookiefile = /tmp/mycookie

I can point this cookie-generating script to

https://our.org/users/auth/shibboleth/callback

and get a cookie. I can use the cookie to download "browser-viewable" pages such as https://our.org/dashboard/activity. But, I cannot mimic the early steps of a git command line client by

curl -b /tmp/mycookie 'https://our.org/my.name/my-project.git/info/refs?service=git-receive-pack'

It seems to me that this should be a doable thing. I had hopes that resolving gitlab-ce#14501 would enable this workflow, but it did not.

Is this difficult? It seems to me that it would have the added use case of avoiding the need for a credential helper even for users who are not using external authentication. You get a cookie and it lasts however long it lasts for (a server knob) and the git client uses it. (I believe) it takes an active choice to enable the use of saving cookies in git, so it's unlikely to produce sessions lying around strange filesystems. You should, of course, test that proposition.

Edited Sep 02, 2020 by 🤖 GitLab Bot 🤖
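
An added example (not part of the original issue or of GitLab's code): a check for the concern raised in the last paragraph about saved sessions lying around on a filesystem. It audits a curl/Netscape-format cookie file, such as the one named by `cookiefile` above, for loose permissions, a world-writable parent directory like /tmp, and session or expired cookies. The function names, the sample jar and its cookie values are constructed for illustration.

```python
import os
import stat
import time

# Constructed sample jar in the Netscape format that curl and git read and write.
SAMPLE_JAR = (
    "# Netscape HTTP Cookie File\n"
    "#HttpOnly_our.org\tFALSE\t/\tTRUE\t0\t_gitlab_session\tCONSTRUCTED\n"
    "our.org\tFALSE\t/\tFALSE\t1600000000\t_shibsession_example\tCONSTRUCTED\n"
)

def parse_cookie_jar(text):
    """Parse cookie-jar text into dicts; cookie values are never returned."""
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # malformed entry
        cookies.append({"domain": fields[0], "secure": fields[3] == "TRUE",
                        "expires": int(fields[4]), "name": fields[5],
                        "http_only": http_only})
    return cookies

def audit_cookie_jar(path, now=None):
    """Return findings for a cookie file used through http.cookieFile."""
    now = time.time() if now is None else now
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o lets group/other access it" % stat.S_IMODE(mode))
    parent = os.path.dirname(os.path.abspath(path))
    if os.stat(parent).st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable")
    with open(path, encoding="utf-8") as fh:
        for c in parse_cookie_jar(fh.read()):
            if not c["secure"]:
                findings.append("%s: not marked Secure" % c["name"])
            if c["expires"] == 0:
                findings.append("%s: session cookie saved to disk" % c["name"])
            elif c["expires"] < now:
                findings.append("%s: expired" % c["name"])
    return findings
```
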