hi Fred
If that value is from your network, a value of 5 is very agressive - I of course don't know the history of that value, but, I might suggest that you increase that value to match the current setting of the AAA timer (global or the AAA profile if it's set) to see if that stabilises things.
The changes to the age out mechanism started in 6.2, but ther per aaa profile ability to set a user idle timeout just arrived in 6.3 - hence I cannot be sure as to the value that is actually being used, but globally you have a value of 600 seconds.
How might this value be causing problems ? in the case of say wpa2-aes auth, if the client is not presenting a PMK ID or there is a mismatch (and validate PMK id is enabled on dot1x profile) then client will be re-performing the full dot1x each time it authenticates as it cannot make use of any cached pmkid or OKC etc.
This value will also create a drain on battery life of clients - I have seen this in my lab with an ipad2 when I set the sta ageout to something like 60 seconds. Typically ipads (as an example) send out a few packets every few minutes, but with such a low STA ageout, the client was getting disconnected frequently and having to re-auth, which killed the battery. I would recommend that the STA age out to be set to something a lot closer to the AAA user idle timeout.
I must again mention I don't know the history of how or why you have a value of 5 - but I do suspect this is involved in your observations.
regards
-jeff