When you look at my profile, you will see lot of openwrt projects, mostly hotspot systems.
It is openwrt, because openwrt is much better suited to hotspots with "above-average" requirements, compared to MT.
Although I used MT 10 years ago already for hotspots, I noticed the deficienties, i.g. because of their closed-source environment, and dropped MT.
Your requirement is rather common, and a serious solution ony to be done on the radius part. During auth, the radius server has to verify the MAC of the client, whether still some user-time left. In openwrt-based systems, using coova-chilli as CP (captive portal; coova-chilli is my standardard. Used in few higher end commercial hotspot systems, too.), coova can do both, first to try MAC-auth to radius. In case, this fails, then redir to login page. Which means, after succesful auth via login, on radius the credentials for future MAC-auth to be set: MAC, and expiry date, depending upon login info (voucher data). MTs approach using cookies is not really professional, as cookies can be easily purged. MT is good for routing etc., but hotspots are just an addition, implemented not very well. In case of interest, we can talk about more details. _MAY_ be, on MTs "Cloud Radius" this can be implemented, although I doubt, because of their closed source policy.