You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To inform user's they are going to be timed out. A timeout warning helps services meet WCAG 2.0 success criterion 2.2.1 - that services warn users before a timeout occurs and allow them to extend it.
WCAG 2.2.1 requirements state a user must be able to do one of the below:
Turn off time out
Adjust the time out time to cover a longer period - up to 10x the original set time out
Extend the session with a simple action and be able to extend it at least 10x. On extending the session the page must not be refreshed and any data entered sustained.
Have a session time of 20 hours
Anything else
Tech restraints - if using javascript for the pop up what happens when a user has javascript turned off? Currently they would be timed out without a warning which then makes the service non-compliant. Need a solution for this instance. Potentially an option for users to preset time at the beginning or default to 20 hrs.
2.2.6 includes a recommendation to add a warning about the session time to the beginning of a service. This is a recommendation and is a AAA standard (not currently required).
This is required on any service that has a timeout of less than 20 hours, including Agent facing.
There might be a difference between a session timeout (normally several hours) and a page timeout (when no action has been taken on a page). A session timeout can happen whether or not someone is "signed in" - ie before they have done any authentication - so "You will be signed out" might not make sense here.
What
For security reasons some services time the user out after a set amount of time (time set by service team with guidance from security)
Example: Budgeting loans - time out pop up modal
Example: NS JSA timeout page
Example: Pension credit flow
session-timeout (2).pdf
Why
To inform user's they are going to be timed out. A timeout warning helps services meet WCAG 2.0 success criterion 2.2.1 - that services warn users before a timeout occurs and allow them to extend it.
WCAG 2.2.1 requirements state a user must be able to do one of the below:
Anything else
Tech restraints - if using javascript for the pop up what happens when a user has javascript turned off? Currently they would be timed out without a warning which then makes the service non-compliant. Need a solution for this instance. Potentially an option for users to preset time at the beginning or default to 20 hrs.
2.2.6 includes a recommendation to add a warning about the session time to the beginning of a service. This is a recommendation and is a AAA standard (not currently required).
This is required on any service that has a timeout of less than 20 hours, including Agent facing.
Time out covered on below design systems
https://design.tax.service.gov.uk/hmrc-design-patterns/service-timeout/
https://design.homeoffice.gov.uk/patterns/stop-a-service-timing-out
alphagov/govuk-design-system-backlog#104
The text was updated successfully, but these errors were encountered: