Understanding Success Criterion 2.2.6: Timeouts

Users are warned of the duration of any user inactivity that could cause data loss, unless the data is preserved for more than 20 hours when the user does not take any actions.

Privacy regulations may require explicit user consent before user identification has been authenticated and before user data is preserved. In cases where the user is a minor, explicit consent may not be solicited in most jurisdictions, countries or regions. Consultation with privacy professionals and legal counsel is advised when considering data preservation as an approach to satisfy this success criterion.

Intent of Success Criterion 2.2.6: Timeouts

The use of timed events can present significant barriers for users with cognitive disabilities, as these users may require more time to read content or to perform functions, such as completing an online form.

During the completion of an online process for reserving a hotel room and purchasing a plane ticket, a user with a cognitive impairment may become overwhelmed with the amount of instruction and data input required to complete the process. The user may not be able to complete the process in one sitting, and may need to take a break. Ideally, users should be able to leave a process without losing their current place within the process, and without losing data that have already been entered. If users cannot take a break and check their work, many will often be unable to complete a task correctly.

When the user cannot finish the task in the time allotted, not only does the site become unusable but they lose confidence in using the web and question if they are able to use technology independently. Losing your work because you are not fast enough is incredibly frustrating. When this happens multiple times, the user may give up on trying to perform tasks online.

For situations where the absence of a timed event would significantly change the intended functionality of an application (e.g., an auction or another real-time event), it is important to ensure that users with disabilities are properly notified. Notifications should include information about timed events, and an indication of the duration of the time given. As well, they should include mechanisms clearly labeled to adjust, extend, or stop the duration of an event, to allow users to fully engage and interact with Web content and functionality. For example, if an e-commerce Web site's checkout process provides secure credit card transactions, the user is notified of the timeout, and is given time to extend it.

When there is a chance to extend a time limit, it should be noted that many users, within 20 seconds, cannot read instructions to extend a time limit.  Using simple text can reduce the time it takes to read these instructions.

The best way to conform to the success criteria is to keep the user data for at least 20 hours. This enables the user with disabilities and the aging community to start and finish a task, taking brakes as needed.

However when it is not reasonable to save the user data the author must, at a minimum, warn the user about any timeouts before they start a task that they may not be able to complete.

Timeouts should be displayed to the user once at the beginning of that task/process and not at each step.

Ways that this success criteria can be met include: Saving the saving the users data (such as by storing the session variable data) giving the user a warning at the start of the process about any expected timeouts, or avoiding timeouts altogether.

This success criterion only applies to timeouts that are within the content providers knowledge or control. For example, if the user closes a web browser or device, and looses content in an open page that has not yet been submitted, the success criteria has not been violated.

Benefits of Success Criterion 2.2.6: Timeouts

This Success Criterion helps users who need additional time performing tasks or reading content.

A user can take a break and check their work without needing to start again. This enables many users to complete tasks online that they otherwise could not do.

If a situation exists where a timeout is necessary, the user is warned at the start of the task about the length of inactivity that would generate a timeout. The user  can then decide if they can manage this task or not in the given time. This will  reduce the frustration of working hard at a task just to have all their work deleted due to a timeout.

This Success Criterion helps people with many different cognitive disabilities, including people with:

Examples of Success Criterion 2.2.6: Timeouts

Resources Success Criterion 2.2.6: Timeouts

Techniques for Success Criterion 2.2.6: Timeouts

Sufficient Techniques

  • Do not expire a session timeout unless there has been a 24 hours of inactivity.
  • If a situation exists where a timeout is appropriate, use a mechanism to prevent data loss,  and the ability to return to the original point.
  • If a situation exists where a timeout is appropriate, the user is warned at the start of the task about the length of inactivity that would generate a timeout