that show region will only trigger if the the URL Variable is present and the Email has not been confirmed.
Allow if echo $_SESSION['UserEmailVerified']; = 1
Allow if echo $_SESSION['UserID']; <>
Allow if the Session UserEmailVerified is = to 1
Allow If the Session UserID is NOT = to an empty string - this will only pass if the userID session has a value.
if it does not have a value, the user is not loged in and the rule will not pass.
add the <?php var_dump($_SESSION); ?> code to the page you are having a problem with and send a copy of the page along with the session dump results when you are able to access it when you dont think you should.