You configured to wrong value...because some users/some devices can enter to sleep mode or getting idle.
In order to keep user auth after captive login,go to:
Configuration/Authentication/Advanced
Under this screen you have the ability to set various timeout values. You will want to 'bump up' "user idle timeout" to reduce the number of times the captive portal pops-up to the users.
"aaa timer idle-timeout "- this is the timer for the datapath to detect if there is no more new sessions nor traffic initiated for a user record. When the time has come, it will signal the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If there is no ping response, you should issue an "aaa user delete w.x.y.z" command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer."
More good info you may find here:
http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-AAA-Idle-Timeout-and-Authentication-Server-Dead-Time/td-p/106
let me know if it answer your question.
me :smileyhappy: