The WCAG Explained

Summary:
WCAG 2.2.6, "Timeouts," is about informing users of the duration of inactivity that could lead to data loss, except in cases where the data is preserved for more than 20 hours. This criterion is crucial for ensuring users are aware of potential risks of data loss due to inactivity, especially beneficial for those who may need more time to interact with content, such as users with disabilities.

What:
This guideline requires websites and applications to inform users about the length of inactivity that will trigger a timeout. The objective is to prevent unexpected data loss due to session timeouts, allowing users to manage their time and activities more effectively.

Why:
Understanding the time limits for sessions is vital for users who may take longer to complete tasks or who might leave a session and return later. Knowing the timeout duration allows these users to plan accordingly and save their work or data, ensuring they don't lose progress due to inactivity.

Examples and Scenarios:

1. Online Banking: A banking website should inform users about the session timeout period, so they know how long they have to complete transactions.
2. Long Forms: For lengthy application forms or surveys, users should be notified about the inactivity period after which their session will expire.
3. E-learning Platforms: Users on educational platforms should be made aware of the timeout duration for tests or learning modules.

How to Comply:

• Websites: Clearly communicate the session timeout duration and conditions on your website, preferably at the beginning of tasks or processes that might be affected.
• Mobile Apps: Include a feature in apps that notifies users about the timeout period, especially in sections where data input or prolonged interaction is expected.
• Software Applications: Implement notifications or warnings about session timeouts, ensuring that users are aware of the inactivity period leading to a potential timeout.

Exceptions:

• Extended Data Preservation: If the user's data or activity is preserved for at least 20 hours of inactivity, providing a timeout warning might not be necessary as the risk of data loss is significantly reduced.