RE: Is this covered by 2.2.1 (Timing Adjustable)

James, I agree with you – a pop up would be more intrusive.  Interestingly your approach seems to meet Level AAA 2.2.5 Re-authenticating: When an authenticated session expires, the user can continue the activity without loss of data after re-authenticating. (Level AAA)

Understanding SC 2.2.5<http://www.w3.org/TR/UNDERSTANDING-WCAG20/time-limits-server-timeout.html> The intent of this Success Criterion is to allow all users to complete authenticated transactions that have inactivity time limits or other circumstances that would cause a user to be logged out while in the midst of completing the transaction.

A shopping site checkout
A user with extremely limited use of the hands is logged into a shopping site. It takes so long to enter credit card information into the application that a time limit occurs while the user is performing the checkout process. When the user returns to the checkout process and submits the form, the site returns a login screen to re-authenticate. After the user logs in, the check out process is restored with the same information and at the same stage. The user did not lose any data because the server had temporarily accepted and stored the submission even though the session had timed out and restored the user to the same state after re-authentication was completed.

So – is this one of those odd situations where you meet an equivalent level AAA requirement but not level AA?  I would say it’s unfortunate and should not be that way.

Best Regards,

Jonathan

--
Jonathan Avila
Chief Accessibility Officer
SSB BART Group
jon.avila@ssbbartgroup.com<mailto:jon.avila@ssbbartgroup.com>

703-637-8957 (o)
Follow us: Facebook<http://www.facebook.com/#%21/ssbbartgroup> | Twitter<http://twitter.com/#%21/SSBBARTGroup> | LinkedIn<http://www.linkedin.com/company/355266?trk=tyah> | Blog<http://www.ssbbartgroup.com/blog> | Newsletter<http://eepurl.com/O5DP>

From: James Nurthen [mailto:james.nurthen@oracle.com]
Sent: Tuesday, September 29, 2015 7:36 PM
To: w3c-wai-gl@w3.org
Subject: Is this covered by 2.2.1 (Timing Adjustable)

We have a shopping site where users can browse the site when they are either logged in or not. We are looking to see how 2.2.1 impacts logged-in users on this site.
We want the session timeout to be as unobtrusive as possible -  as such this is what happens currently for logged in users.

Scenario 1) If a logged-in shopper’s session times out while they are shopping, they can continue shopping seamlessly. Only when they go to check out or access their account information are they asked to log in. When they log in, any changes they had made to their shopping cart while timed out are intact.

 My strict reading of 2.2.1 is that in this case the application should have provided a method for the user to extend the session before the timeout occurred. Do others concur on this? I feel that the conventional methods of extending the session (like a popup as seen on many bank sites) would be more distracting to a user than the current behaviour.  I really don't want to ask the application to implement something which would IMO make the UI worse for everybody.

Scenario 2)    If a logged-in shopper’s session times out while they are editing account information, they are prompted to log in again when they attempt to save their changes. Their unsaved edits are intact.

Again this seems to require a timeout prompt before the session expires with a strict reading of 2.2.1. I would generally be ok with asking the application to add a timeout warning here, as it is within a constrained process - but, again, I'm not sure it would actually make the user experience better for anyone.

I would appreciate any input on these scenarios and how others have coped with them in the past.

--
Regards, James

[Oracle]<http://www.oracle.com>
James Nurthen | Principal Engineer, Accessibility
Phone: +1 650 506 6781<tel:+1%20650%20506%206781> | Mobile: +1 415 987 1918<tel:+1%20415%20987%201918> | Video: james.nurthen@oracle.com<mailto:james.nurthen@oracle.com>
Oracle Corporate Architecture
500 Oracle Parkway | Redwood Cty, CA 94065
[Green              Oracle]<http://www.oracle.com/commitment>Oracle is committed to developing practices and products that help protect the environment