Tuesday, 26 November 2013

"Timing adjustable" - accessibility issues with session time out

This is just a brief blog post explaining WCAG 2.0 success criterion 2.2.1 "Timing Adjustable", and what it means in practice.
This success criterion applies whenever there is a time limit on any action; how long the limit is does not matter. The typical case is a web site that users log into, e.g. to access their account.
In nearly all such cases there is some form of session time out: if the user does nothing for a period of time (say, 10 minutes), they are automatically logged out. Usually that is done for security reasons: if the user walks away from the computer, you want to prevent someone else who comes along from using the user's account.

In many cases the page will reload and display a message that the session has timed out. In some cases the message is not displayed until the user performs their next action, e.g. the next time they follow a link or submit a form.

So what is the WCAG requirement?

WCAG requires at least one of the following to be true for each time limit:
  • Turn off: The user is allowed to turn off the time limit before encountering it; or
  • Adjust: The user is allowed to adjust the time limit before encountering it over a wide range that is at least ten times the length of the default setting; or
  • Extend: The user is warned before time expires and given at least 20 seconds to extend the time limit with a simple action (for example, "press the space bar"), and the user is allowed to extend the time limit at least ten times; or
  • Real-time Exception: The time limit is a required part of a real-time event (for example, an auction), and no alternative to the time limit is possible; or
  • Essential Exception: The time limit is essential and extending it would invalidate the activity; or
  • 20 Hour Exception: The time limit is longer than 20 hours.

To explain the exceptions:

Real-time exception: This can only be used if the time limit is required for a real-time event. A typical example is an eBay auction: because the time limit (i.e. the end of the auction) is a real-time event, it is exempt from this success criterion (it is not necessary to offer a way to turn off or extend the time limit for an auction).

Essential exception: This is for situations where the time limit is essential for the action. A typical example is an online test where the user has to answer as many questions as possible within a set time limit. The time limit is essential for the test, and extending the time limit would invalidate the results of the test. (It may be necessary to give certain users more time though to treat them fairly, but this is a different question)

In the case of a session time out while the user is logged into an account there is a security requirement for the time limit, but you can't use the "essential exception" for it: extending the time limit does not invalidate the activity (looking at account details is just as valid after an extension), so the limit cannot be considered essential. The 20 hour exception is not practical in this situation either, for security reasons, and for the same reason an option to turn off the time limit is not a solution. Similarly, letting the user adjust the time limit to 10x the default is not practical for security reasons.

This only leaves the option to extend the time limit: the user is warned before the time limit expires and can extend it, at least ten times, with a simple action.
This should be done with a simple message. Show a warning before the time limit is reached (2 minutes before is often reasonable; WCAG requires at least 20 seconds to respond) and ask the user whether they want to extend the time limit. They should be able to do so with a simple action, e.g. by pressing the ENTER key or clicking OK. If they do not respond within the remaining time, log the user out. Two practical points: the extension must actually renew the server-side session (a keep-alive request), not merely reset a countdown in the browser, otherwise the page tells the user they are still logged in while the server has already ended the session; and the server-side timeout remains the real security control, the client-side timer only drives the warning.
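The warning-and-extend flow described above, as an added example in browser-side JavaScript. This is not code from the original post; it is a small controller that warns the user a fixed time before expiry, lets them extend with ENTER or OK, allows at least ten extensions, and logs out if they do not respond. The names `keepAlive`, `logout`, `onWarn` and `onDismissWarning` are hypothetical callbacks: in a real page `keepAlive` would be a request to a keep-alive endpoint carrying the session cookie, here it is a synchronous callback returning the new server-side lifetime so the block runs offline. The demo at the end uses a constructed fake clock and fake server.

```javascript
// Added example, not code from the original post. Implements the WCAG 2.2.1
// "extend" option for a logged-in session. Assumptions (hypothetical): the
// server owns the session lifetime in seconds; keepAlive() renews the
// server-side session and returns the new lifetime (0 if the server says the
// session is gone); logout() ends the session. The client timer only drives
// the warning dialog; the server's answer is the only thing that resets it.

const WCAG_MIN_EXTENSIONS = 10;       // SC 2.2.1: user may extend at least ten times
const WCAG_MIN_RESPONSE_SECONDS = 20; // SC 2.2.1: at least 20 s to respond to the warning

class SessionTimeoutController {
  constructor({ timeoutSeconds, warnBeforeSeconds = 120,
                maxExtensions = WCAG_MIN_EXTENSIONS, now = () => Date.now() / 1000,
                keepAlive, logout, onWarn = () => {}, onDismissWarning = () => {} }) {
    if (warnBeforeSeconds < WCAG_MIN_RESPONSE_SECONDS) {
      throw new RangeError(`warnBeforeSeconds must be >= ${WCAG_MIN_RESPONSE_SECONDS}`);
    }
    if (maxExtensions < WCAG_MIN_EXTENSIONS) {
      throw new RangeError(`maxExtensions must be >= ${WCAG_MIN_EXTENSIONS}`);
    }
    Object.assign(this, { warnBeforeSeconds, maxExtensions, now, keepAlive, logout,
                          onWarn, onDismissWarning });
    this.extensions = 0;
    this.loggedOut = false;
    this.restart(timeoutSeconds);
  }

  // Start a fresh countdown from a server-supplied lifetime.
  restart(timeoutSeconds) {
    this.expiresAt = this.now() + timeoutSeconds;
    this.warned = false;
  }

  remainingSeconds() {
    return Math.max(0, this.expiresAt - this.now());
  }

  // Run from a periodic timer (e.g. once a second). Returns 'active',
  // 'warning' or 'expired'; fires the warning and logout callbacks once each.
  tick() {
    if (this.loggedOut) return 'expired';
    const remaining = this.remainingSeconds();
    if (remaining <= 0) {
      this.endSession(); // no response in time: log the user out
      return 'expired';
    }
    if (!this.warned && remaining <= this.warnBeforeSeconds) {
      this.warned = true;
      this.onWarn(remaining); // show "your session is about to expire" dialog
    }
    return this.warned ? 'warning' : 'active';
  }

  // The user's simple action (OK button or ENTER in the dialog). Only valid
  // while the warning is shown, and only the server's answer resets the clock.
  extend() {
    if (this.loggedOut || !this.warned) return false;
    if (this.extensions >= this.maxExtensions) return false; // cap reached: countdown runs out
    const newLifetime = this.keepAlive();
    if (!(newLifetime > 0)) {
      this.endSession(); // server refused or session already gone
      return false;
    }
    this.extensions += 1;
    this.restart(newLifetime);
    this.onDismissWarning();
    return true;
  }

  // Keyboard handler for the dialog: ENTER extends, anything else is ignored.
  handleKeydown(event) {
    return event.key === 'Enter' ? this.extend() : false;
  }

  endSession() {
    if (this.loggedOut) return;
    this.loggedOut = true;
    this.logout();
  }
}

// Constructed demo with a fake clock and fake server, so the block runs offline.
function demo() {
  let clock = 0;
  let serverAlive = true;
  const trace = [];
  const ctl = new SessionTimeoutController({
    timeoutSeconds: 600,     // 10-minute session
    warnBeforeSeconds: 120,  // warn 2 minutes before expiry
    now: () => clock,
    keepAlive: () => (serverAlive ? 600 : 0),
    logout: () => { serverAlive = false; trace.push('logout'); },
    onWarn: (s) => trace.push(`warn(${s}s left)`),
    onDismissWarning: () => trace.push('dismiss'),
  });
  for (const [t, key] of [[479, null], [480, null], [500, 'Enter'], [1100, null]]) {
    clock = t;
    trace.push(`t=${t}:${ctl.tick()}`);
    if (key) trace.push(`key=${key}:${ctl.handleKeydown({ key })}`);
  }
  return trace;
}

console.log(demo().join('\n'));
```

In a real page `tick()` would be driven by `setInterval` and `keepAlive` would be a request to the server; the point of routing every extension through the server is that a keep-alive which the server rejects (session already gone, cap enforced server-side) ends in a logout rather than a browser that still claims the user is signed in.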
