Timeouts

About

Version:	WCAG 2.1 and up
Number:	2.2.6
Level:	AAA
Applicability:	Forms Interactive Content
Requirement:	Users are warned of the duration of any user inactivity that could cause data loss, unless the data is preserved for more than 20 hours when the user does not take any actions.
Guidance:	Understanding Success Criterion 2.2.6 How to meet Success Criterion 2.2.6
Techniques:	WCAG currently only includes the following undocumented techniques for this success criterion: Setting a session timeout to occur following at least 20 hours of inactivity. Store user data for more than 20 hours. Provide a warning of the duration of user inactivity at the start of a process.

Purpose

The purpose of this success criterion is to ensure that users are aware how much time there is before a timeout will occur (i.e., their data is lost), as readers with cognitive disabilities, for example, may require additional time to read, understand and interact with the content.

How to Meet

The use of timeouts in digital publications is not common, as timeouts are usually included on the web as a security measure (i.e., to close a user's session in case they forgot to log out when they quit).

If authors do include a timeout (e.g., in an embedded game or application), they need to ensure that users are aware before they begin interacting with the content how long they have before the timeout occurs. The length of time before a timeout could be provided in the instructions for a game, for example.

In general, however, it is best to avoid timeouts unless there is a specific security concern.

Additional Information

The following knowledge base pages provide more information about how to address this success criterion for publishing content:

Timers