So if I'm reading this right, you have a rule set up:
Restrict if $_SESSION['acc_id'] = 1
Allow if $_SESSION['email_verified'] = 1
Restrict if $_SESSION['status'] = Consolidated
The way this works is it reads down the list but once something is allowed or restricted it doesn't read any further.
So if $_SESSION['acc_id'] equals 1 it will fail the validation and won't go any further.
If $_SESSION['acc_id'] does not equal Consolidated then it will go to the next line and Allow if $_SESSION['email_verified'] equals 1. If it does than it will allow and won't read the next line.
So if you want to restrict solely on the basis of the status, you should create a separate rule and only check that value.
Did this help? Tips are appreciated...
