Skip to main content

Warn Users About Inactivity Duration Causing Data Loss

WCAG 2.1 Ultimate Guide
Disabilities Affected: Cognitive
Success Criterion: 2.2.1
Level: AAA
WCAG Link
Users must be warned about the duration of any user inactivity that could cause data loss, unless the data is preserved for more than 20 hours when the user remains inactive.

Why It Matters

Even if data is preserved upon re-authentication (WCAG 2.2.5), users might not realize their session is about to expire or has expired, leading to potential confusion or unnecessary re-authentication steps. Explicitly warning about inactivity timeouts that could lead to any interruption (even if data is saved) helps users manage their workflow, especially if they need to step away briefly. Preserving data for a very long time (20+ hours) negates the need for this specific warning.

Fixing the Issue

If your application has inactivity timeouts:

  • Option 1 (Best): Preserve user data and state indefinitely or for at least 20 hours of inactivity. This removes the need for the warning under this specific criterion.
  • Option 2: If data is not preserved for >20 hours, provide a clear, persistent, or easily discoverable warning indicating the duration of inactivity that will trigger a timeout (e.g., “For security, you will be logged out after 15 minutes of inactivity.”). This warning should be available before the timeout occurs (ideally always visible or accessible in help/settings). This differs from the WCAG 2.2.1 warning which happens just before timeout; this is about informing the user of the policy upfront.

Good Code Example

Informing user of timeout policy (Option 2):

  • <div class="session-policy-notice">
  Note: Sessions automatically time out after 30 minutes of inactivity. Unsaved changes may be lost if not preserved by the application.
  </div>

<section id="help-security">
   <h2>Session Timeouts</h2>
   <p>To protect your account, your session will automatically end after 30 minutes if you are inactive. Please save your work frequently. If your session ends, you will need to log in again. [Link to info about data preservation].</p>
</section>
  • Note: Sessions automatically time out after 30 minutes of inactivity. Unsaved changes may be lost if not preserved by the application.

    Session Timeouts

    To protect your account, your session will automatically end after 30 minutes if you are inactive. Please save your work frequently. If your session ends, you will need to log in again. [Link to info about data preservation].

Bad Code Example

Application times out after 15 minutes with no prior warning about the duration:

  • *(Note: As of my last update, 2.2.10 might still be proposed or evolving. Always check the latest official WCAG version).*
Search Ultimate Guide
Tablet displaying an eBook cover titled 'Integrating Accessibility Compliance Into Your Budget' by AccessiTREE. The cover features a digital tree with accessibility-related icons, symbolizing inclusive design and compliance.
Free eBook
Integrating Accessibility Compliance Into Your Budget
A Practical Guide for Healthcare Leaders Navigating the New HHS Ruling
Learn More
Need Help with Compliance?
Our team is here to guide you through the process of meeting accessibility standards. Contact us today to get started.
Schedule Consult