3 problems i see:
1) You are using the login success rule in the authentication on the personal page, you should use the "Logged Into <your user table>" rule instead
2) There is no redirect to the login page on authentication failure, you should redirect to the login page if the access rule fails
3) in the recordset on the personal page, you are filtering the UserGroupID column on the UserGroupID session variable.
the login page does not create a UserGroupID session variable. Also, the UserGroupID would uniquely identify the user.
you should be filtering the UserID column on the SecurityAssist_UserID session variable that is created by the login.