OK,
I removed the check for the session UserID from the email verified server behavior and now everything works fine.
I looked in the HelperGroupsRulesPHP.php shipped in the original zip file I downloaded from your site and found the comparison rules for 'Email Confirmed'.
The rules are as follows:
...
case "Email Confirmed":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['UserEmailVerified']))?$_SESSION['UserEmailVerified']:"") ."", 1, "1");
$comparisons[1] = array(TRUE, "".((isset($_SESSION['UserID']))?$_SESSION['UserID']:"") ."", 2, "");
break;
...
So you ship the product with the two checks.
This begs the following question: How did this ever work if the comparison check is an OR operation?
I'm looking at the code in Security Assist Helper_PHP.php now and trying to figure out how it works. I'm an old C++ guy though and I have never worked with PHP before so the going is slow. :)
I am worried though...
If you include the check for 'UserID' along with the check for 'UserEmailVerified' in the original source code there must be a reason. Also, why would the check work for a while then stop working?
Like I said... I'm confused.