I think within the session-logs are only valid sessions therefore nothing about denied sessions. But a linking to the event-log could be possible and helpful per the timestamp-field. Maybe it needs a little bit blurring with one or two seconds. But it could you give the ratio between used CAL's and denieded access. Maybe you could use or customize already built apps - have a search here to GovernanceDashborad and GovernanceMaterials.
Another possibilty could be to check (and maybe associate) log-files from web-server: http://community.qlik.com/message/693724#693724.
Yes I've used the Governance Dashboard and QlikView System Ops Monitor, plus I've made my own App. But the few seconds of difference makes it unreliable, but well I did some statistics and calculations and I'm almost done.
If it helps anyone, In "Events" log, there's Message, so in the script I added:
IF(LEFT(Message,24)='CAL usage: Access denied',1) as DeniedCounter,
So letter I could graph SUM( DeniedCounter ) by month, or by day ("date" actually) and found out we are loosing 20 sessions a day, many ceros, but many more non zeros, with numbers up to 400 a day!
Who exactly did we lost, and to what document? Well we cannot know for certain but I distibute them according to what "Sessions" log tells me it's more popular.