My session variables were set correctly. It seems you cannot stack two "allow if" statements. If you do this it appears to let in users when either of the two individual conditions are true (as opposed to both true - which was what i wanted). In your experience is this true?
To fix, i had to do as follows:
<?php echo $_SESSION['userActivity']; ?> = 0
Then underneath (had to be below the restrict if statement for some reason)
<?php echo $_SESSION['userLevel']; ?> = 2
All seems to be working properly now.