The user idle timeout is used to clear clients from the user table. As you mention in your case; when the controller detects a user is idle for 5 minutes, it will check to see if the client is still there (connected, just not doing anything). If it is, it resets the timer and leaves it alone. If the device is not there (disconnected or asleep), then the client is removed from the user table. When the device comes back online, the reauthentication depends on the authentication type you have set for the network. If it is 802.1X, the client will typically cache the logon, so no reauthentication is seen, although it takes place. If it is a pre-shared key network, the client caches the key and will connect without any visible authentication. If the network is Open, it will just connect. The only time you'd typically see a reauthentication visually is if the client is set not to cache the username/password on an 802.1X network or if you have Captive Portal setup for an Open network.