diff --git a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/session/QSession.java b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/session/QSession.java
index cf050a18..284942ba 100644
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/session/QSession.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/session/QSession.java
@@ -48,7 +48,7 @@ public class QSession implements Serializable, Cloneable
 private QUser user;
 private String uuid;
- private Set permissions;
+ private Set permissions;
 private Map> securityKeyValues;
 private Map backendVariants;
@@ -360,12 +360,38 @@ public class QSession implements Serializable, Cloneable
 return (false);
 }
- List values = securityKeyValues.get(keyName);
- Serializable valueAsType = ValueUtils.getValueAsFieldType(fieldType, value);
+ List values = securityKeyValues.get(keyName);
+
+ Serializable valueAsType;
+ try
+ {
+ valueAsType = ValueUtils.getValueAsFieldType(fieldType, value);
+ }
+ catch(Exception e)
+ {
+ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ // an exception in getValueAsFieldType would indicate, e.g., a non-number string trying to come back as integer. //
+ // so - assume that any such mismatch means the value isn't in the session. //
+ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ return (false);
+ }
+
 for(Serializable keyValue : values)
 {
- Serializable keyValueAsType = ValueUtils.getValueAsFieldType(fieldType, keyValue);
- if(keyValueAsType.equals(valueAsType))
+ Serializable keyValueAsType = null;
+ try
+ {
+ keyValueAsType = ValueUtils.getValueAsFieldType(fieldType, keyValue);
+ }
+ catch(Exception e)
+ {
+ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ // an exception in getValueAsFieldType would indicate, e.g., a non-number string trying to come back as integer. //
+ // so - assume that any such mismatch means this key isn't a match.
+ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ }
+
+ if(valueAsType.equals(keyValueAsType))
 {
 return (true);
 }
@@ -561,6 +587,7 @@ public class QSession implements Serializable, Cloneable
 }
+
 /*******************************************************************************
 ** Getter for valuesForFrontend
 *******************************************************************************/
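Review bot: The comparison `valueAsType.equals(keyValueAsType)` in the loop was flipped so that a key left `null` by a failed conversion cannot throw, but it now dereferences `valueAsType`, which this hunk never checks for null. If `ValueUtils.getValueAsFieldType` can return null for a null `value` (not visible here), the call would throw where the old form would have returned false; a guard such as `if(keyValueAsType != null && keyValueAsType.equals(valueAsType))` keeps both sides safe and, unlike `Objects.equals`, never treats a null lookup value as matching an unconvertible key. Both handlers are `catch(Exception e)` with no logging, so a malformed security key value in the session is dropped silently inside an access check; narrowing the catch to the conversion exception, or logging the key name (not the value) at debug level, would make that visible. The method begins and ends outside this hunk.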
@@ -591,6 +618,7 @@ public class QSession implements Serializable, Cloneable
 }
+
 /*******************************************************************************
 ** Fluent setter for a single valuesForFrontend
 *******************************************************************************/
@@ -604,5 +632,4 @@ public class QSession implements Serializable, Cloneable
 return (this);
 }
-
 }
diff --git a/qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/model/session/QSessionTest.java b/qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/model/session/QSessionTest.java
index cd676342..dd085268 100644
--- a/qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/model/session/QSessionTest.java
+++ b/qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/model/session/QSessionTest.java
@@ -76,7 +76,7 @@ class QSessionTest extends BaseTest
 void testMixedValueTypes()
 {
 QSession session = new QSession().withSecurityKeyValues(Map.of(
- "storeId", List.of("100", "200", 300)
+ "storeId", List.of("100", "200", 300, "four-hundred")
 ));
 for(int i : List.of(100, 200, 300))
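Review bot: In `List.of("100", "200", 300, "four-hundred")` the unconvertible entry comes last, so every positive lookup in the loop below returns before reaching it, and nothing shows that a failed key conversion is skipped while a later key still matches. Putting it first, `List.of("four-hundred", "100", "200", 300)`, would cover that path with the assertions already in the test. The test method continues past this hunk.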
@@ -86,6 +86,18 @@ class QSessionTest extends BaseTest
 assertTrue(session.hasSecurityKeyValue("storeId", i, QFieldType.STRING), "Should contain: " + i);
 assertTrue(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.STRING), "Should contain: " + i);
 }
+
+ ////////////////////////////////////////////////////////////////////////////
+ // next two blocks - used to throw exceptions - now, gracefully be false. //
+ ////////////////////////////////////////////////////////////////////////////
+ int i = 400;
+ assertFalse(session.hasSecurityKeyValue("storeId", i, QFieldType.INTEGER), "Should not contain: " + i);
+ assertFalse(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.INTEGER), "Should not contain: " + i);
+ assertFalse(session.hasSecurityKeyValue("storeId", i, QFieldType.STRING), "Should not contain: " + i);
+ assertFalse(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.STRING), "Should not contain: " + i);
+
+ assertFalse(session.hasSecurityKeyValue("storeId", "one-hundred", QFieldType.INTEGER), "Should not contain: " + i);
+ assertFalse(session.hasSecurityKeyValue("storeId", "one-hundred", QFieldType.STRING), "Should not contain: " + i);
 }
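Review bot: The two `"one-hundred"` assertions reuse the message `"Should not contain: " + i` while `i` is 400, so a failure would report the wrong value; `"Should not contain: one-hundred"` says what was actually checked. A case with a null lookup value is also absent, which is the input where the reordered `equals` call in `hasSecurityKeyValue` could behave differently from before. The test method starts outside this hunk.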