Double click the Authenticate User server behavior on the login page and go to the third page, make sure the UserLevel column is added to the list of sessions to set.
just to double check what sessions are being set, add the following code to the access denied page:
</pre><?php var_dump($_SESSION); ?></pre>
The output from the above code simply says 'NULL'. I've attached the code for the login page.