In the https sections
A site being discussed is not encrypted, it is plain-text http.
specifically because of the password/cookie issue.
As I said before, there's no cookie issue, there's Redirect location issue.
Specifically, this site uses
relative redirect url (which is not common, but valid since 2014).
My bad, I overlooked comments in Synapse and said
Synapse's one does not return Response Headers
which is wrong, because it uses Headers as Request, and replaces same StringList with Response values. So Location is available.
I was hoping there might be some way to PIPE the output from the user's monitor to a file.
Forget it (OpenURL). The best you can do with this approach: TProcess + specific commandline.
UPD: The only foreseeable problem, that you're (probably) requesting an url that is normally accessible to logged-in users (normally, logins are executed by POST (via html-form-variables) requests) and it seems like you're missed that step, so you're getting redirects to a Login form.
But actually you always should handle "login required" situation (f.e. in case of session has been expired, or whatever other reason) in the middle of your data exchange process.
Summary: try login first and there are chances you won't get any 302s at all (for the first time :-)).