Thanks again for your help Jason..
.. For those that are wondering about my solution, and in the hope it will help someone having a similar problem, here is how Jason helped me..
on the index page, you have access restriction that redirects to the user update page:
set that to redirect to the login success page instead.
Thanks Jason.. just out of curiosity, the tutorial states in the " Lock down your site section:
In the menu bar, Click WebAssist > SecurityAssist > Manage Site Access > Access Pages Manager.
1. Select the page you want to lock down from the File Name column.
2. For the Grant access if field, select VerifiedUser.
3. For the If access denied, go to field, select userupdate.php.
4. Once all pages are configured, click OK.
So is this correct, as it seems to have been the source of the confusion I was having?
It's a matter of which page the redirect was pointing to.
when you set page access restriction, you set it to redirect to the Update page, the update page redirected to the login page.
if you try to access a page that is restricted, the login page will redirect to that page on success and over ride the login success setting.
by setting the access restriction to redirect to the login success page, it is over riding the login success with the same page, if that makes sense.