This is normal for Indy. It throws exceptions for non-successful responses like 401. You need to catch the exception and then check the response text, if you're really interested in the response text. (Typically, you're not, because the response code alone tells you all you need to know.) When you get an exception, the response text will be in the exception's ErrorMessage
property.
try
x := http.get("https://mysite.sexy/sessionid?login=abc&password=abc");
except
on E: EIdHTTPProtocolException do begin
if E.ErrorCode = 401 then
x := E.ErrorMessage
else
raise;
end;
end;
Setting the authorization properties of the request object apparently doesn't help because your server doesn't use standard HTTP authentication. Otherwise, Indy would have handled the 401 response and resent the request with the password automatically.