Brian,
My session variables were set correctly. It seems you cannot stack two "allow if" statements. If you do this it appears to let in users when either of the two individual conditions are true (as opposed to both true - which was what i wanted). In your experience is this true?
To fix, i had to do as follows:
restrict if
<?php echo $_SESSION['userActivity']; ?> = 0
Then underneath (had to be below the restrict if statement for some reason)
allow if
<?php echo $_SESSION['userLevel']; ?> = 2
All seems to be working properly now.