AAA2.2 Enough Time

2.2.5 Re-authenticating

If a session expires, users can log back in and continue where they left off without losing data.

Why it matters: Prevents data loss for users who take longer to complete tasks.

Official WCAG Definition

WCAG 2.2 OfficialExact wording from W3C Web Content Accessibility Guidelines

View on W3C

When an authenticated session expires, the user can continue the activity without loss of data after re-authenticating.

Source: W3C Web Content Accessibility Guidelines (WCAG) 2.2

Plain Language Explanation

What This Means: This success criterion requires that when a user's authenticated session expires (times out), they must be able to re-authenticate (log back in) and continue their work without losing any data they had entered. All form data, progress, and work must be preserved and restored after re-authentication.

Why It's Important: Users with disabilities may take longer to complete tasks, making them more likely to encounter session timeouts. If data is lost when a session expires, these users lose their work and must start over, which is frustrating and may prevent them from completing tasks. By preserving data across session expiration, we ensure users don't lose their progress.

In Practice:

Save all user input and progress automatically, either to the server or local storage. When a session expires, show a clear message and allow re-authentication. After re-authentication, restore all saved data so users can continue exactly where they left off. Test by letting a session expire and verifying that all data is preserved and restored after logging back in.

Who Benefits & How

All users

This criterion ensures that all users can access and understand the content, improving their overall experience and ability to use the website effectively.

Users with motor disabilities

This criterion ensures that users with motor disabilities can access and understand the content, improving their overall experience and ability to use the website effectively.

Users with cognitive disabilities

This criterion ensures that users with cognitive disabilities can access and understand the content, improving their overall experience and ability to use the website effectively.

Impact: When this criterion is properly implemented, it removes barriers for these user groups and creates a more inclusive web experience for everyone.

Key Terms & Concepts

Real World Examples

❌ Incorrect

Session Expiration Loses Data

When session expires, all form data is lost and cannot be recovered.

<form>
  <input type="text" name="data">
  <!-- Data lost on session expiration -->
</form>

✓ Correct

Session Expiration Preserves Data

When session expires, data is saved and restored after re-authentication.

<form onchange="saveDraft()">
  <input type="text" name="data">
  <!-- Data saved and restored after re-auth -->
</form>

Who This Affects

This success criterion benefits the following user groups:

All users

Users with motor disabilities

Users with cognitive disabilities

Implementation Checklist

JavaScript

Implement auto-save functionality for all user input
Save data to localStorage or server-side storage
Restore data after re-authentication
Preserve form state and progress

General

Test session expiration scenarios
Verify all data is preserved
Test re-authentication flow
Ensure users can continue where they left off

Tip: Use this checklist during development and testing to ensure all requirements for 2.2.5 Re-authenticating are met. Check off items as you complete them.

How to Test This Properly

Manual Testing

Start filling out a form or entering data.
Let the session expire (or simulate expiration).
Re-authenticate.
Verify that all entered data is preserved and restored.
Check that users can continue where they left off.
Test that data is saved automatically as users type.
Verify that file uploads or complex data are preserved.

Automated Testing

Tools cannot verify session expiration and data preservation.
Use browser DevTools to check for auto-save functionality.

Compliance Requirements

To meet this success criterion, ensure the following requirements are met:

When a session expires, users must be able to re-authenticate and continue without data loss.

All user-entered data must be preserved during session expiration.

Data must be automatically saved as users interact with forms.

Users must be able to resume their work exactly where they left off.

Re-authentication must be straightforward and not require re-entering data.

Going Beyond Compliance

While meeting the minimum requirements ensures compliance, consider these enhancements for a better user experience:

Provide clear messaging about session expiration and data preservation.

Auto-save data frequently to prevent any potential loss.

Provide visual indicators that data is being saved.

Allow users to manually save their work at any time.

Test data preservation with complex forms and file uploads.

Common Myths

Myth

Session expiration is a security feature, so data loss is acceptable.

Reality

Security and accessibility can coexist. Data should be preserved even when sessions expire, allowing users to re-authenticate and continue.

Common Failures

Common Failure

Session expiration causes complete data loss.

Solution

Implement auto-save functionality. Preserve form data in localStorage or server-side. Restore data after re-authentication.

Common Failure

Users must re-enter all data after session expiration.

Solution

Auto-save data as users type. Restore all data automatically after re-authentication. Provide clear messaging about data preservation.

Complements

2.2.1 Timing Adjustable

Related to

2.2.6 Timeouts

Official Resources

Understanding

Understanding Re-authenticating

www.w3.org

Note: These are official W3C resources for 2.2.5. For the most up-to-date information and detailed technical guidance, always refer to the official W3C documentation.

Why We Don't Provide Generic Code Examples

Implementing 2.2.5 Re-authenticating correctly requires understanding your specific context. Code solutions vary significantly based on multiple factors:

Programming Language

HTML, React, Vue, Angular, PHP, Python, and other frameworks each have different patterns and best practices.

Architecture & Patterns

Server-side rendering, client-side rendering, static generation, and hybrid approaches require different solutions.

Design System

Your existing components, styling approach, and UI library influence how accessibility must be implemented.

User Context

Your specific user base, content type, and interaction patterns determine the most appropriate implementation.

Custom Solutions Available

We provide tailored implementation guidance by analyzing your specific technology stack, coding patterns, design system, and project requirements. Our team reviews your codebase and provides custom solutions that integrate seamlessly with your existing architecture.

Get Custom Implementation Help

Part of

Operable Principle

Guideline

2.2 Enough Time

Real World Examples

❌ Incorrect

Session Expiration Loses Data

When session expires, all form data is lost and cannot be recovered.

<form>
  <input type="text" name="data">
  <!-- Data lost on session expiration -->
</form>

✓ Correct

Session Expiration Preserves Data

When session expires, data is saved and restored after re-authentication.

<form onchange="saveDraft()">
  <input type="text" name="data">
  <!-- Data saved and restored after re-auth -->
</form>

Why We Don't Provide Generic Code Examples

Implementing 2.2.5 Re-authenticating correctly requires understanding your specific context. Code solutions vary significantly based on multiple factors:

Programming Language

HTML, React, Vue, Angular, PHP, Python, and other frameworks each have different patterns and best practices.

Architecture & Patterns

Server-side rendering, client-side rendering, static generation, and hybrid approaches require different solutions.

Design System

Your existing components, styling approach, and UI library influence how accessibility must be implemented.

User Context

Your specific user base, content type, and interaction patterns determine the most appropriate implementation.

Custom Solutions Available

Get Custom Implementation Help

Official WCAG Definition

Intent

Plain Language Explanation

In Practice:

Who Benefits & How

All users

Users with motor disabilities

Users with cognitive disabilities

Key Terms & Concepts

Authenticated Session

Re-authenticating

Real World Examples

❌ Incorrect

Session Expiration Loses Data

✓ Correct

Session Expiration Preserves Data

Who This Affects

Implementation Checklist

JavaScript

General

How to Test This Properly

Manual Testing

Automated Testing

Compliance Requirements

Going Beyond Compliance

Common Myths

Myth

Reality

Common Failures

Common Failure

Solution

Common Failure

Solution

Related Success Criteria

2.2.1 Timing Adjustable

2.2.6 Timeouts

Official Resources

Understanding

Understanding Re-authenticating

Why We Don't Provide Generic Code Examples

Programming Language

Architecture & Patterns

Design System

User Context

Custom Solutions Available

Official WCAG Definition

Intent

Plain Language Explanation

In Practice:

Who Benefits & How

All users

Users with motor disabilities

Users with cognitive disabilities

Key Terms & Concepts

Authenticated Session

Re-authenticating

Real World Examples

❌ Incorrect

Session Expiration Loses Data

✓ Correct

Session Expiration Preserves Data

Who This Affects

Implementation Checklist

JavaScript

General

How to Test This Properly

Manual Testing

Automated Testing

Compliance Requirements

Going Beyond Compliance

Common Myths

Myth

Reality

Common Failures

Common Failure

Solution

Common Failure

Solution

Related Success Criteria

2.2.1 Timing Adjustable