Checking Sessions

         

LinusIT

5:26 pm on Jun 20, 2011 (gmt 0)

10+ Year Member



I am trying to check a session's value and also check that it isn't blank. The code I have at present works but doesn't check for a blank string.

if ($_SESSION['SESS_ACCESS_LEVEL'] >= 3) {
    header("location:http://intranet/unauthorised.php?mode=accesslevel");
    exit();
}


I have tried a few examples I found floating around the net but these opened the page up to anyone.

I'm hoping this is an easy one :)

penders

6:57 pm on Jun 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



...but these opened the page up to anyone.


How so?

This will redirect the page if the session variable is either empty (or not set) OR >= 3

if (empty($_SESSION['SESS_ACCESS_LEVEL']) || ($_SESSION['SESS_ACCESS_LEVEL'] >= 3)) {
    header("location:http://intranet/unauthorised.php?mode=accesslevel");
    exit();
}

LinusIT

9:42 pm on Jul 7, 2011 (gmt 0)

10+ Year Member



Would this do the same?

if(!isset($_SESSION['SESS_USER_ID']) || (trim($_SESSION['SESS_USER_ID']) == '')) {

penders

11:15 pm on Jul 7, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



if(!isset($_SESSION['SESS_USER_ID']) || (trim($_SESSION['SESS_USER_ID']) == '')) {


This evaluates to true if the session variable does not exist or contains just white space (including a blank string). This isn't 'the same' as the above, but might be what you require.

LinusIT

8:42 pm on Jul 8, 2011 (gmt 0)

10+ Year Member



OK, thanks for clearing that up. Is there a way of checking whether the session is empty, not set and blank in one go? I'm trying to make my intranet as secure as possible by checking that the user is logged in.

Thanks

penders

10:46 am on Jul 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



By 'session', I assume you mean 'session variable', which is just the same as any other variable... and depending on your definition of 'blank' there is PHP's empty($myVar) [uk3.php.net] function (as mentioned above). This returns true if $myVar is not set at all, or is perceived to be 'empty', i.e. contains the empty string (but not a string of spaces), contains 0 (zero) or "0" or is (bool)false, etc. (see the help page for more). These are presumably all invalid if you are checking that your user is logged in.

However, if you are checking that the user is logged in, maybe you shouldn't be concentrating too much on invalid/empty values but whether the user id is indeed valid....

eg.
if (isset($_SESSION['SESS_USER_ID']) && loggedIn($_SESSION['SESS_USER_ID'])) {
    // User ID is valid
} else {
    // Not valid
}
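
Added example, not part of the thread and not any poster's code: a fail-closed guard that covers "not set", "blank" and "whitespace only" in one call by accepting only well-formed values, run beside the first post's `>= 3` test on constructed sample sessions. The function name, the allowed level range 1..2 and the positive-integer user ID format are assumptions; the session keys and redirect URL are the ones used in the posts.

```php
<?php
// Added example (PHP 7+), not code from the thread. Session key names and the
// redirect URL come from the posts; the allowed range 1..2 and the
// positive-integer user ID format are assumptions.

// Fail closed: true only when both values are present and well-formed.
// Missing, blank, whitespace-only, non-numeric and out-of-range values deny.
function sessionIsAuthorised(array $session, int $maxLevel = 2): bool
{
    $userId = filter_var(
        $session['SESS_USER_ID'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    $level = filter_var(
        $session['SESS_ACCESS_LEVEL'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $maxLevel]]
    );
    return $userId !== false && $level !== false;
}

// Constructed sample sessions, not real data.
$samples = [
    'no session data' => [],
    'blank level'     => ['SESS_USER_ID' => '42', 'SESS_ACCESS_LEVEL' => ''],
    'spaces for id'   => ['SESS_USER_ID' => '   ', 'SESS_ACCESS_LEVEL' => '1'],
    'level 3'         => ['SESS_USER_ID' => '42', 'SESS_ACCESS_LEVEL' => '3'],
    'level 2'         => ['SESS_USER_ID' => '42', 'SESS_ACCESS_LEVEL' => '2'],
];

foreach ($samples as $label => $session) {
    // First post's test: the redirect fires only when the level is >= 3.
    $firstPostRedirects = ($session['SESS_ACCESS_LEVEL'] ?? null) >= 3;
    printf(
        "%-16s first-post check redirects: %-3s  guard allows: %s\n",
        $label,
        $firstPostRedirects ? 'yes' : 'no',
        sessionIsAuthorised($session) ? 'yes' : 'no'
    );
}

// In a page, using the redirect from the thread:
// session_start();
// if (!sessionIsAuthorised($_SESSION)) {
//     header("Location: http://intranet/unauthorised.php?mode=accesslevel");
//     exit();
// }
```

This guard checks only the form of the session values. Confirming that the ID belongs to a real, logged-in user, as the last post suggests with loggedIn(), still needs its own lookup.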