Yes, you are correct. When a client connects there is a timer in this case by default 1800 seconds (30 minutes). When this timer is up the wlc send a client a deauth frame and makes the guest reauth again.
When security is deployed, this is used to regenerate new PMK keys with the clients. In the case of guest, it kicks idle users off. You can disable this all together or make the timeout greater.
I hope this helps ..
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________