Hi Milan,
First of all, thanks for reaching out.
Let me try to understand what exactly are you facing.
You have a Published REST service that requires authentication and has "Active session" as authentication method? Like in the image below?
Then you are trying to access this service by using a REST Consume action?
This type of authentication is built to be used in the context of the browser; to help load data with JavaScript. For it to work, It requires the cookie to be available in the browser and additional CSRF token to be passed with every request. If you don't have the cookie or the token it will not work.
General flow for this authentication type is for some user to login into the application and by that create a session. When user logs in, session cookie is saved in the browser and that cookie can later be reused by the app to validate the users identity. Previously this only worked with normal pages. You could open different pages while still being logged in. Now we have expanded this to also work with rest services. But for it to work, you still need to be in the browser. So it is only possible to access the service from JavaScript.
You can take a look at the reference documentation how to access the service from you client side code (section 3.2). https://docs.mendix.com/refguide/published-rest-service
If you are using "Username and password" authentication, that requires you to send username and password with every request because by default REST services don't have a concept of session. They are request based and every request needs to be authenticated and authorized by itself.
Hope this helps.