No, your security assist rules should be using the session variables.
the way the login behavior works is this:
You set up a login form, and apply the login behavior. In the login behavior you select the table that contains the user info, on the Data Base tab, you select the username and password columns, and bind those to the form elements in your login form, on the Session tab, you select columns like the ID column to save to a session on successful login.
your login rule will then be set to Allow if the ID Session is not blank. The ID session that is created by the login behavior will be blank unless a user has logged in.
On the session tab, you can add other columns to save as a session as well.