SC 2.2.6 comments

Hi,

I think I would agree with the RNID comments that SC 2.2.6 is sufficiently
useful for all web users that it outght to be level 2, rather than 3.
Having implemented this sort of system, I can appreciate that raising the
level may cause authors difficulties, so a compromise might be to
reworded it something along the lines of "with a minimum (preferably zero)
loss of data", then add a technique that forms should be kept as short
as possible so as to reduce the data loss on a session timeout.  Longer
forms could use a "wizard" approach - but I must admit it's not clear to
me that having the server record progress through the form filling is
significantly easier to achieve than the techniques already described.

Greg Lowney's comment on the difficulty of storing session data on servers
indefinitely seems to have been addressed by the alternative strategies
detailed in the "Understanding WCAG 2.0" entry for this SC.  However, the
item :

"* The user is prompted to re-authenticate in a separate viewport, thus 
preserving the original data."

needs clarification of what's meant by a "viewport" (presumably a frame,
or pop-up would risk breaking other success criteria ?), or it should be
removed.

Finally, it occurs to me that the SC only talks about _inactivity_
timeouts (i.e. timed from the last access), but some sites could be using
a _session_ timeout (i.e. timed from the last authentication).  Is there
a concensus that the latter is "not a good idea", and if so should this
be made clear in the success criteria ?  Should there be definitions
for these terms ?

Other than that the 2.2 section of "Understanding WCAG 2.0" looks clear,
and helpful to me (haven't had time to look at anything else).

Philip.

-----------------------------------------------------------------
Dr Philip J. Naylor AFRSPSoc,
Scientific Computer Support Officer,
Department of Engineering Mathematics,
University of Bristol.

Received on Monday, 19 December 2005 17:12:02 UTC