Sure, but EAP session resumption taking place is not required for 802.1X reauth, so cannot be relied upon. I'd always be loathed to use MAC addresses for anything like this as they're not a secure principle, not being cryptographically bound to anything.