Hi cm119,
From my point of view, you don't need the logout. With the logout page from the example, you will get the user session and with that, the mac address and controller and/or ap, the user is connected to. This should be enough to present the user a login page, with a description, that he is using basic access with some limits and to get over this, he simply needs to register. After he enters the details you use the information from the session to either logout the user and reauth the user with the new role or you send a COA.
But the above is just theory, but I have added it to the list of things I need to test. :)