为idhttp伪造session
很多网站使用了session来 记录用户登录状态，idhttp本身是不记录session的， 需要通过一些技术手段来伪造session。

以Get为例，idhttp伪造session
IdHttp1.Get(mURL1);
mStr := IdHttp1.Response.CustomHeaders.Values['Set-Cookie'];
if Pos(';',mStr)>0 then
Session_ID := LeftBStr(mStr,Pos(';',mStr)-1)
else
Session_ID := mStr;

IdHttp1.Request.CustomHeaders.Add('Cookie:' + Session_ID);
IdHttp1.Get(mURL2);
----------------------------------------------
目前很多网站如百度都禁止indy组 件访问。因此必须注意UserAgent和http1.1的 设置。

dHTTP1.Request.Connection:='Keep-Alive';
IdHTTP1.Request.UserAgent:='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)';
IdHTTP1.Request.ContentType:='application/x-www-form-urlencoded';
IdHTTP1.Request.Referer:='http://www.xxx.com';
IdHTTP1.Request.Accept:='image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/msword, */*';
IdHTTP1.Request.AcceptLanguage:='zh-cn';
IdHTTP1.Request.AcceptEncoding:='gzip, deflate';
IdHTTP1.Request.CacheControl:='no-cache';
IdHTTP1.ReadTimeout:=60000;
IdHTTP1.HTTPOptions:=IdHTTP1.HTTPOptions+[hoKeepOrigProtocol]; //关键这行
IdHTTP1.ProtocolVersion:=pv1_1;