RE: Session timeouts not part of 2.2.1?

Hi Michael,

At 19:36 12/01/2006, Michael Cooper wrote:
1) We definitely need to disambiguate the terms "server timeout" and
"session timeout", or decide that there is no difference and choose one
term. From context, I assumed they were intended to be one thing and
have used them interchangeably. If that is incorrect, we'll need to make

I prefer "session timeout" because "server timeout" could be interpreted
as "request timeout", which is not what we mean.

2) I agree with what I think Ben said, which is that even if the author
doesn't have control over the server, it is legitimate to include
success criteria that impact server configuration including, in this
case, timeouts. An author desiring to conform to WCAG either has to get
control over the server, use some client-side technique to repair the
issue (e.g., a meta refresh element, or a script that pings the server
and keeps the page logged in), or find another server.


3) I think I understand what is meant by the technique about server-side
redirect. I thought I had posted something to the list, but when I dug
for it, it turns out I only discussed it off list with a few people in
the context of an action item, and then the holidays came up and I never
ended up bringing it forward to the list. Sorry about that carelessness.
Anyway, here it is:

The other case I can think of is server-requested refresh and redirect.
The two "common failures" deal with redirects and refresh created by the
<meta> element in HTML. However, the <meta> element is defined in the
HTML spec <> to
provide a "virtual" HTTP header. The "header" that the HTML technique to
create refreshing pages uses is called the "Refresh" header, but
unfortunately I just discovered that this header is not defined in the
HTTP specification <> and as far
as I can tell, never was. Nevertheless, I tried putting that HTTP header
into a Web server on my local machine, and sure enough, recent versions
of Firefox and IE both respected the header and refreshed the page just
as if I had defined it in HTML with a <meta> element.

I wonder if this does not call for a GL 4.1 success criterion that says
something like: "Internet protocols are used according to specification."
And then the HTTP header abuse with "Refresh" could be listed as a failure.



Christophe Strobbe
K.U.Leuven - Departement of Electrical Engineering - Research Group on 
Document Architectures
Kasteelpark Arenberg 10 - 3001 Leuven-Heverlee - BELGIUM
tel: +32 16 32 85 51 


Received on Friday, 13 January 2006 15:27:49 UTC