The rule should check that the session variable is equal to 1.
Then you can add that rule check where you want it. It might be easiest to add the same check to your current login access rule, then on your login page you can detect if someone is logged in but not active and show a custom message.