When guests authenticate, their Internet access is available for a customisable duration (in hours) or "Account Validity".
This period of time can be set per profile (in Identity menu, profile section).
A profile is mapped to a guest based on:
His authentication profile as he self authenticates
His sponsor selecting his profile during account creation
If no profile matches a guest, the captive portal default Account Validity is applied
Account validity authorize reauthentication of the guest based on Persistent first party cookies. This reauthentication is transparent by default for the same device and for the account validity duration.
Session lifetime is an additional reauthentication mechanism allowing to keep authentication persistency based on the private IP of the device. While this is a strong way to transparently recognize the device, this relies on local Wi-Fi infrastructure for security enforcement, and depending on the local capability the session duration should be customized to fit the security need. Session lifetime is set between 4 hours to 30 days. When the session expires, the morning of the next day for instance, the account validity is checked.
From a licence prospective, the number of concurrent active sessions are counted against the subscription for all active locations. Over consumption is allowed based on contractual terms.