isAuthorized: check for nulls in Session subjects, catch any unexpected errors and deny access when in doubt
isAuthorized: check for nulls in Session subjects, catch any unexpected errors and deny access when in doubt