Max sessions is the number of firewall sessions in a role, NOT the number of users. If you set this parameter to one, only a single user can pass any traffic to a single host, locking everyone else out. This is NOT what you want. Please change that parameter back to 65536.
In the Captive Portal Authentication profile, you can use the "Allow only one active user session" parameter so that users can only use their login once when logging into the Captive Portal. Go to Configuration> Security> Authentication> L3 Authentication> Captive Portal Authentication Profile. Choose the Captive Portal Authentication Profile that applies to your WLAN and enable the "Allow only one active user session" parameter. This will allow a user to use his login only once. There is nothing to limit a user to 10 logins.