Hi Vicenzo, Now I'm at the same point 
I've been able to reproduce your scenario. If you force to log on first on your app then you could consume your hanaxs service without logon again.
The best way to force logon in your app would be:
<login-config>
<auth-method>FORM</auth-method>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Role Everyone will not be assignable -->
<role-name>Everyone</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>All SAP HANA Cloud Platform users</description>
<role-name>Everyone</role-name>
</security-role>
I have a problem consuming hanaxs service throught JS because Hana server makes a redirection first. I'm trying to avoid that.
Kind regards