Is logon module written by you or by third party? I woudl suggest you to see what cookies are returned in requests one and two. I assume that the request two returns SSO cookie called MYSAPSSO2. This cookie is usually valid for 8 hours and is used for all other requests sent to portal. If you get access to it then you can use it for authentication.
Cheers