A number of interactions users have with websites are governed by time limits.
- Consider different options for approaching timeouts
- Allow the user to extend the time limit or turn it off altogether
A number of interactions users have with websites are governed by time limits. These fall into two main categories:
- A time limit placed on completing a specific activity.
- A time out of a connection to a service.
Asking the user to select and pay for concert tickets within 15 minutes is an example of the former, ending the user's session with an online banking app after some activity is an example of the latter.
Reasons for creating these conditions vary but they likely arise from a need for security, managing up-to-date stock levels, or simply to restrict the number of concurrent connections through a secure port.
A retailer with a limited supply of a product may want to reserve one unit for that particular shopper until they commit to paying for it, or the owner of a website may assume a person who has not interacted with the site has left and closing the connection keeps that person's account better secured.
To people with disabilities, these timed connections present more difficulties than for people without disabilities. For example, if a blind person is booking concert tickets and it is counting down the time available, depending on how this has been technically achieved, they may not be aware the timer is running. To other people with more cognitive disabilities, seeing a timer onscreen may induce more stress than required for the relative importance of the task at hand.
The problem is that time limits tend to be defined according to averages: the average user's average time required to complete the average action. To make your website accessible to people with disabilities, you must accommodate the needs of people who are not average, including:
- Blind people
- People with low vision
- People with limited dexterity, either permanent or temporary
- People with cognitive limitations
- People with reading and learning disabilities
- People using new or unfamiliar equipment
- People who may be in a distracting or noisy place
- People using old equipment or on a very slow connection (dialup or weak signal 3G)
The list is not exhaustive but it does highlight that there is a very wide range of people who will be affected by a timed event.
WCAG 2.0 includes several success criteria designed to ensure that people with disabilities have enough time to complete the actions required by a website.
In order to meet the criterion, several techniques are available, geared towards letting users adjust the length of any timed connection. It may seem counter-intuitive to have a process set a time limit then allow the user to modify it, but allowing the modification allows the timing to pass the success criterion under Success Criterion 2.2.2 Timing adjustable.
Removing all timing constraints is required to meet Level AAA conformance under the Success Criterion 2.2.3 No timing. But if timing is still considered important for business reasons, or you cannot convince the site owners to remove it completely, there are still ways to manage the timing of events and still have an accessible website.
A flexible approach
Ending a users connection to a website or web application is an extreme approach to managing security and resources so before doing so it is valuable to confirm it is the only means available to resolve the issue. It assumes that the time limit allowed is sufficient for anyone to have completed the required process, but the time limit is rarely calculated to allow for the time it takes people with some disabilities to complete actions.
The three options available to manage each time limit are to:
- remove the time limit and enabling the user to turn it off;
- adjust the limit before it starts; or
- extend it once it has started.
There are several ways in which you can make a process with a time limit accessible according to Success Criterion 2.2.1 Timing adjustable, which states:
For each time limit that is set by the content, at least one of the following is true: (Level A)
- Turn off: The user is allowed to turn off the time limit before encountering it; or
- Adjust: The user is allowed to adjust the time limit before encountering it over a wide range that is at least ten times the length of the default setting; or
- Extend: The user is warned before time expires and given at least 20 seconds to extend the time limit with a simple action (for example, "press the space bar"), and the user is allowed to extend the time limit at least ten times; or
- Real-time exception: The time limit is a required part of a real-time event (for example, an auction), and no alternative to the time limit is possible; or
- Essential exception: The time limit is essential and extending it would invalidate the activity; or
- 20-hour exception: The time limit is longer than 20 hours.
The above describes three methods to make timed events accessible and three exceptions to allow some events to remain in place yet still be accessible. We will explore each of these options in turn.
The exceptions described are to cover conditions where extending the time would damage the activity being timed or the time given is already exceedingly generous and unlikely to be surpassed under any circumstances. The 20-hour exemption is designed to cover even the longest of working days and an unsafe period of time for a person to be continuously using a computer.
Each of these methods requires the control deployed to also be accessible, so if a method to make timing accessible requires the user to find and activate a button, that button must be fully accessible. For example, if there is a control to manage the timing.
Turn off the timing
This option requires there to be an accessible method to turn off the time limit completely.
For example, when encountering a situation where there is a time limit, the user knows there is a time limit and can select and activate the control to stop the timer completely. To do so the user must be made aware of the timer and be given an easy means of turning the timer off completely without refreshing the page.
Allow the timing to be adjusted by the user
This option requires there to be an accessible method to adjust the time remaining, and to allow it to be extended at least ten times the default setting.
Allow the user to extend the timing
Another option is to allow the user to extend the timing when the time remaining becomes short.
Although this example does not extend the timing ten times the original time, it should allow the user to repeatedly extend the timing every twenty minutes.
As mentioned above, the methods deployed to allow the user to turn off, adjust, or extend the timing must also be accessible. Of particular attention in this process is the ability of the site to manage focus so the user does not become lost when approaching the controls to turn off, adjust, or extend.
When any component receives focus, it does not initiate a change of context. (Level A)
This means that you should not impose a time limit that has the effect of changing the context of the page when the user is timed out, such as opening a new window and moving focus to that window. To do so is to remove a level of user control for people with some kinds of disabilities, which is not acceptable. A dialog box or modal box is acceptable only if it is clear that the box is active, that the request is straightforward, and the user can navigate to the controls to act on or dismiss it.
Level AAA compliance
To achieve Level AAA conformance and optimal accessibility, it is necessary to remove timing as a controlling part of any user activity, except where the passing of time is an essential element of the content, such as in live, real-time video.
Level AAA conformance also requires that if a user completing an authenticated process is timed out, the system will retain the information entered before the timeout, so that the user can continue where they left off once they re-authenticate themselves. Not only is this accessible, it is good practice for any process and should be practiced anyway. Saving the user's information for when they have re-authenticated is seen as a way of both maintaining security while meeting the needs of people with disabilities in what can be critical online transactions.
WCAG 2.0 references
- Success Criterion 2.2.1 Timing adjustable
- Success Criterion 2.2.3 No timing
- Success Criterion 2.2.5 Re-authenticating
- Success Criterion 3.2.1 On focus
Related Techniques for WCAG 2.0
- G4: Allowing the content to be paused and restarted from where it was paused
- G5: Allowing users to complete an activity without any time limit
- G105: Saving data so that it can be used after a user re-authenticates
- G133: Providing a checkbox on the first page of a multipart form that allows users to ask for longer session time limit or no session time limit
- G180: Providing the user with a means to set the time limit to 10 times the default time limit
- G181: Encoding user data as hidden or encrypted data in a re-authorisation page
- G198: Providing a way for the user to turn the time limit off