All is well!
Found the problem.
My header info on Line 4 at the "WA_Auth_RestrictAccess" part was set wrong - I was telling the browser to go to the same page the user was actually on instead of redirecting it to the users login page if they hadn't provided log in details. Doh!!!
Some times the answer is just staring you in the face.... :)