I created a new rule called "Logged In Email Confirmed". But it actually only checks one thing, which is, "is the session for UserEmailVerified >= 1?"
Here's the rule;
case "Logged In Email Confirmed":
$comparisons = array(TRUE, "".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"") ."", 6, "1");
(not sure what the 6 means)
It seems to now do everything I need it to. Not sure why this works and the original = 1 doesn't. But there is that added UserID <> in that rule.
So it is blocking access to the protected page for the following
Not logged in at all
Logged in but not email verified
And the show regions work as well with this rule.
I have tested this by logging in as both a verified and a not verified user. And by closing my browser each time. But if I encounter trouble, I will report that for reference.
If you see anything weird in that session dump from earlier please let me know.