AT:

• user authorizations are not stored inside the user session but handled by a dedicated service
• user authorizations are cached by userId in order to avoid calling the engine for each authorization check in Optimize
• the authorization cache is invalidated/refreshed on session creation/destroy

Note:
This prepares the overall removal of session state inside a particular Optimize instance.