Handle no session yet properly

hmdooris/__main__.py

@@ -93,7 +93,9 @@ def post_api_lock(id):
 @jinja2_view("not_authorized.html.j2")
 def not_authorized(error):
     code, msg = error.args
-    groups = request.session[auth.sess_attr]['groups'] if 'groups' in request.session[auth.sess_attr] else []
+    groups = []
+    if auth.sess_attr in request.session and 'groups' in request.session[auth.sess_attr]:
+        groups = request.session[auth.sess_attr]['groups']
     return {
         'user': auth.my_username,
         'ip': request.remote_addr,