Drupal - Authenticated REST requests becoming anonymous user
(Answering my own question, and trying to sound like a third-party so it makes better sense when read...)
It looks like it definitely has something to do with the session/cookie/etc., as subsequent calls seem to be coming from a different client (from the REST server's perspective.) I'm guessing bare PHP has no way of maintaining that cookie, like how a browser would. After looking here, it looks like the cookie needs to be formatted as such in the header of the request:
Cookie: session_name=sessid
(The cookie could also be retrieved from the response's headers->set_cookie variable. The latter will include all the expiration/link info in the string as well. While either method seems to work, I'm not sure if there are any ill-effects from one or the other. I just used the first method because it was the first solution I came across.)
Both session_name and sessid can be taken from the data area of the response after a user/login request. So the request would ultimately look something like this for a user/logout
POST /api/user/logout HTTP/1.0
Content-Type: application/json
Accept: application/json
X-CSRF-Token: igHUQD11Y8LYdyzHi8m5t33U_tCVZNHE6BbptE4mrwQ
Cookie: SESSd3a1acd26f95229c67cd0a9a1e455bd4=rv-Kbyb8znaGlYBBU5Dn7M2GzkYdWnun5aXcVYLVfvY
User-Agent: Drupal (+http://drupal.org/)
Host: mysiteurl.com
Content-Length: 0