SecurityAssist Rule not working as expected, serious security problem for me temporarily
So I had a bit of freak out moment here as I've just discovered I have quite a few CMS systems that aren't properly secured. Upon login I set a session SecurityAssist_UserLevel from the user table. My admin pages are supposed to require that the user is logged in AND the UserLevel is '8'. Apparently as I have it set it's an either/or situation, as anyone regardless of userlevel can access these pages. I've confirmed the session userlevel is setting properly. I tried looking at the help documentation, but I can't make heads or tails of how to make sure these two requirements are an AND, not an OR.