I have a rails application that uses cookies for session management. In the consumer pact we don't really care about sending the cookie, and on the provider side we use that to specify an account to authorize with. I'm pretty lost with how this should work - in the provider state should I somehow login as a user so I can pass authorization / authentication checks, or how do you all manage an authenticated endpoint?

It feels like you should send a cookie in the right shape from the consumer side to verify that the consumer is actually sending the cookie, and in the provider state, you configure your verification to accept the cookie. I admit this isn't super ergonomic, so perhaps the pact docs have a better approach?