Use exceptions instead of checking for null to send correct http code
If a session was not found in database this will result in http 404, if the session is not accessable for the current user the request will result in http 403. The old behavior was to check for null. This was the response if the session was not found or the current user could not access this session (not owner and inactive sessions). Both ended up with http 404 - not found.
Showing with 62 additions and 11 deletions