You should just secure the page with the "logged into users" rule.
You probably just have to start the session on the top of the page to start using the session variables defined. If you add the Restrict Access to page server behavior the session should automatically be started which should kill two birds with one stone.
To activate the session without applying the restrict access server behavior you can add this to the top of the page:
<?php
@session_start();
?>