Type: Allow if
Value: <?php echo $_SESSION['SecurityAssist_companyID']; ?>
Criteria: <>
...and I think I see the problem. I wanted my session vairable to be called companyID, NOT SecurityAssist_companyID, so I renamed it. I suspect this will "cure" things, right? In the future, is there somewhere that I can name what I want my session variable to be called instead of accepting the Security Assist default? Thanks! I'll let you know if renaming the value in this rule works.