mbayhylle,
Thank you for that information.
Does your device get a specific role when it passes 802.1x authentication, and is that the role that has the ESI redirect command?
In addition, Does your AAA profile have an initial role and a default 802.1x role? Can you try changing the initial role for your aaa profile to the production role with the ESI rules in it? It could be that after inactivity, your user is being changed back to the initial role, and that role does not have the ESI rules.