Checking secure session

Protected HRMS routes require a valid bearer-token session.