You could set up a RADIUS server on which users are generated with an expiry time.
Set the captive portal to authenticate against this RADIUS server and enable the option to reauthenticate every minute (might require some decent hardware if you want to do that for a large number of users).
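
One way to generate such expiring accounts, as an added example that is not part of the original post. It assumes the RADIUS server is FreeRADIUS using its `users` file and `Expiration` check attribute (the post names no particular server); the `guest` prefix and all function names are hypothetical.

```python
import secrets
import string
from datetime import datetime, timedelta

ALPHABET = string.ascii_lowercase + string.digits
# Fixed month names so the output does not depend on the system locale.
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

def radius_date(ts):
    """Format a datetime the way FreeRADIUS date attributes are written.
    Assumption: the server reads this value in its own local timezone."""
    return f"{ts.day:02d} {MONTHS[ts.month - 1]} {ts.year} {ts:%H:%M:%S}"

def make_entry(username, password, expires_at):
    """One users-file line: check items for the password and the expiry."""
    return (f'{username} Cleartext-Password := "{password}", '
            f'Expiration := "{radius_date(expires_at)}"\n')

def generate_guests(count, lifetime, now=None, prefix="guest"):
    """Create `count` accounts with random passwords that all expire
    `lifetime` after `now`."""
    now = now or datetime.now()
    expires_at = now + lifetime
    accounts = []
    for i in range(1, count + 1):
        password = "".join(secrets.choice(ALPHABET) for _ in range(12))
        accounts.append((f"{prefix}{i:03d}", password, expires_at))
    return accounts

def render_users_file(accounts):
    """Text to append to the FreeRADIUS users file."""
    return "".join(make_entry(*account) for account in accounts)

def is_expired(expires_at, now):
    """The decision the server repeats on every reauthentication: once the
    expiry has passed, the next reauth is rejected and the portal session
    ends within one reauthentication interval."""
    return now >= expires_at

if __name__ == "__main__":
    # Constructed sample: five guest accounts valid for eight hours.
    print(render_users_file(generate_guests(5, timedelta(hours=8))), end="")
```
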