Re-authenticating
Summary:
WCAG 2.2.5, "Re-authenticating," addresses the challenge users face when they are logged out of a session and need to log in again. This guideline is particularly important for ensuring that users do not lose information or progress due to session timeouts, which can be frustrating and exclusionary, especially for those with cognitive or physical disabilities.
What:
This criterion ensures that when a user is required to re-authenticate after a timeout, they don't lose any data previously entered or activity undertaken. Essentially, users should be able to continue their activity without data loss after re-authenticating.
Why:
Automatic timeouts can be a significant barrier, particularly when they result in the loss of data or progress. This is a common issue for users who may take longer to complete tasks, such as those with typing difficulties or those who need more time to read and understand content. Ensuring that users can pick up where they left off after re-authenticating makes digital platforms more accessible and user-friendly.
Examples and Scenarios:
- Online Forms: If a user is filling out a form and the session times out, they should be able to log in again and continue the form without losing any entered information.
- E-commerce Shopping Carts: Users who are shopping online and get logged out should find their shopping cart intact upon logging back in.
- Long Readings or Activities: For activities that require extended periods of time, like online courses or assessments, users should not lose their progress if they need to re-authenticate.
How to Comply:
- Websites: Implement session handling that saves the user's progress and data so they can resume their activity after re-authenticating. Use server-side mechanisms or local storage solutions to preserve data.
- Mobile Apps: Design apps to automatically save user progress and data, ensuring that users can return to their activity after re-authenticating.
- Software Applications: Incorporate features that maintain user state and data, even when a session expires or the user needs to log in again.
Exceptions:
- Data Security Concerns: In situations where saving data could pose a security risk, such as with sensitive financial transactions, this guideline might need to be balanced with security requirements. However, even in these cases, efforts should be made to minimize data loss.
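
A minimal sketch of the server-side approach from "How to Comply", combined with the security exception above. It is an added example, not code from the original page. Drafts are keyed to the user rather than the session, sensitive fields are never stored, and drafts expire. The field names, the retention window and the session record shape are assumptions.

```python
import time

SENSITIVE_FIELDS = {"card_number", "cvv", "password"}  # assumed; never kept in drafts
DRAFT_TTL = 24 * 3600  # assumed retention window for a draft, in seconds


class DraftStore:
    """Server-side drafts keyed by (user_id, form_id), not by session id."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self._drafts = {}

    def save(self, user_id, form_id, fields):
        # Sensitive values are dropped; the user re-enters them after login.
        safe = {k: v for k, v in fields.items() if k not in SENSITIVE_FIELDS}
        self._drafts[(user_id, form_id)] = (self.clock(), safe)

    def restore(self, user_id, form_id):
        # Only the owning user's key matches; stale drafts are purged.
        saved_at, fields = self._drafts.get((user_id, form_id), (0, {}))
        if self.clock() - saved_at > DRAFT_TTL:
            self._drafts.pop((user_id, form_id), None)
            return {}
        return dict(fields)

    def discard(self, user_id, form_id):
        self._drafts.pop((user_id, form_id), None)


def submit(store, session, form_id, fields):
    """session: dict with 'user_id' and 'expires_at' (hypothetical session record)."""
    if session["expires_at"] <= store.clock():
        # Timed out: keep the work, act on nothing, ask for a fresh login.
        store.save(session["user_id"], form_id, fields)
        return "reauthenticate"
    store.discard(session["user_id"], form_id)  # completed, draft no longer needed
    return "accepted"


def demo():
    now = [1_000.0]  # constructed clock for the walk-through
    store = DraftStore(clock=lambda: now[0])
    expired = {"user_id": "alice", "expires_at": 900.0}  # constructed session
    form = {"address": "1 Main St", "card_number": "4111111111111111"}
    status = submit(store, expired, "checkout", form)
    alice = store.restore("alice", "checkout")      # same user after login
    mallory = store.restore("mallory", "checkout")  # different user, same browser
    now[0] += DRAFT_TTL + 1
    stale = store.restore("alice", "checkout")      # past the retention window
    return status, alice, mallory, stale
```

Restoring only after a successful login as the same user keeps a shared or public machine from handing one person's half-finished form to the next person who signs in.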