When guests authenticate, their Internet access is available for a customizable duration (in hours) or "Account Validity."

This period can be set per profile (in the Identity menu, profile section). 

A profile is mapped to a guest based on:

• His authentication profile as he self-authenticates
• His sponsor selected his profile during account creation

If no profile matches a guest, the captive portal default Account Validity is applied

Account validity authorizes the guest's reauthentication based on Persistent first-party cookies. This reauthentication is transparent by default for the same device and for the duration of the account validity.

Session lifetime is an additional reauthentication mechanism allowing authentication persistency based on the device's private IP. While this is a strong way to recognize the device transparently, it relies on local Wi-Fi infrastructure for security enforcement. Depending on the local capability, the session duration should be customized to fit the security needs. The session lifetime is set between 4 hours and 30 days. When the session expires, for instance, the account validity is checked on the morning of the next day.

From a licensing perspective, the number of concurrent active sessions is counted against the subscription for all active locations. Based on contractual terms, overconsumption is allowed.