So after much hair shedding and googling I couldn’t find a straight answer to my problem when trying to launch CKFinder, it suddenly struck me that as I was using a session variable, $_SESSION['editor'], to authenticate the user that maybe perhaps a session ought to be started by the config.php file!
Simply adding session_start(); at the top of config.php unlocked it for me – somehow I had presumed that as these files were all being included that the session would be carried over – but not the case, I am guessing the config.php file is probably called in a standalone mode via ajax meaning the session needs to be injected. I couldn’t find this answer anywhere so I thought I would post it to help others who come across the CKFinder browser being blocked for security reasons when they are sure they have completed the authentication method correctly.