This would be quite tricky as you would need to record when a user has authenticated to determine if they have previously logged in within the last hour. APM does not native way of checking if a user has previously authenticated
When a user logs off, the session is terminated and APM no longer holds session variables, so the only things I can think of are: Have something on the client that can be read using a client side check. Or, use an irule to write the username and a timestamp to the session table.
Based on the presence of this information you can make a decision on what AAA method to use.