[BUGFIX] Fix access denied exception after session timeout with CSRF
This change nests the firewall inspection in the try catch block that
also catches AuthenticationRequired exceptions from requests. The
CsrfProtection pattern will check if any CSRF token is present in the
context and throws an AuthenticationRequired exception otherwise to
proceed to an entry point for re-authentication.