Fix · Serious · cited in audits
How to fix: session timeouts without warning
Form data is lost when an idle session expires without warning. Cognitive accessibility users need warning + extension.
- WCAG references
- 2.2.1
- Severity
- Serious
What it looks like in the wild
Form data is lost when an idle session expires without warning.
The screen-reader user, keyboard user, or low-vision user encountering this issue does not get an error message. The page just stops working for them. Which is why this kind of bug rarely shows up in your error tracker; it shows up in support tickets, lawsuits, and abandoned conversions.
Why it fails WCAG
Cognitive accessibility users need warning + extension.
Map this back to 2.2.1 when you log the bug. Auditors and procurement teams expect that mapping; "broken" is not enough context.
The wrong pattern (avoid)
setTimeout(() => location.href = '/logout', 600000);The right pattern (copy this)
// 9 minutes: warn
// 10 minutes: log out (unless extended)
showWarningDialog({ extend: () => resetTimer() });Notes from real audits
Warn at 80% of the timeout window — at 4 minutes into a 5-minute session, for example.
The warning dialog itself must be keyboard accessible and focusable, or users with motor disabilities may not reach it in time.
Authentication timeouts for security reasons are exempt, but you should still warn and offer a re-authentication path.
Store form data in sessionStorage during the session so users do not lose input even when a timeout occurs.
Related fixes
How to fix: missing alt text on images
1.1.1
How to fix: low color contrast
1.4.3, 1.4.11
How to fix: form fields without labels
3.3.2, 1.3.1, 4.1.2
How to fix: missing H1 / wrong heading order
2.4.6, 1.3.1
WCAG 2.2.1 — Timing Adjustable
For each time limit set by the content, the user must be able to turn it off, adjust it, o
All fix recipes
Browse fixes by severity
Find every accessibility issue on your site in 60 seconds.
Free public scan. No card. AI-generated fixes for every issue we find.