This issue relates to users of Handheld Wi-Fi devices such as iPhones and the way they use Hibernation mode to save on Battery power.
What we are seeing is that the user logs in using the 'Guest' Account details (Using web-auth, no L2 Security), if the user then allows their handheld device to go into hibernation mode for a period of time, they must login again.
From what we can tell, this timeout period is relatively short, when monitoring the clients, we see that after 10 mins of idle time, the user becomes 'dis-associated' and 'no longer seen from controller' The user then has to login again.
I've changed the 'Session Timeout' values 14400 seconds on all controllers (Advanced tab on the WLAN Page). but this has no effect.
Thanks in advance.
Here is some additional reading on the subject ..
Q. What are the explanations for these timeout settings on the controller: Address Resolution Protocol (ARP) Timeout, User Idle Timeout, and Session Timeout?
A. The ARP Timeout is used to delete ARP entries on the WLC for the devices learned from the network.
The User Idle Timeout: When a user is idle without any communication with the LAP for the amount of time set as User Idle Timeout, the client is deauthenticated by the WLC. The client has to reauthenticate and reassociate to the WLC. It is used in situations where a client can drop out from its associated LAP without notifying the LAP. This can occur if the battery goes dead on the client or the client associates move away.
Note: In order to access ARP and User Idle Timeout on the WLC GUI , go to the Controller menu. Choose General from the left-hand side to find the ARP and User Idle Timeout fields.
The Session Timeout is the maximum time for a client session with the WLC. After this time, WLC de-authenticates the client, and the client goes through the whole authentication (re-authentication) process again. This is a part of a security precaution to rotate the encryption keys. If you use an Extensible Authentication Protocol (EAP) method with key management, the rekeying occurs at every regular interval in order to derive a new encryption key. Without key management, this timeout value is the time that wireless clients need to do a full reauthentication. The session timeout is specific to the WLAN. This parameter can be accessed from the WLANs > Edit menu.
The code has been changed for Controller version 4.0, where, if you configure a Layer 2 security with static Wired Equivalent Privacy (WEP), Cisco Key Integrity Protocol (CKIP), or Wi-Fi Protected Access (WPA1+WPA2) PSK, the controller automatically sets the session timeout to 0.