Fix · Serious · cited in audits

How to fix: session timeouts without warning

Form data is lost when an idle session expires without warning. Cognitive accessibility users need warning + extension.

WCAG references: 2.2.1
Severity: Serious

What it looks like in the wild

Form data is lost when an idle session expires without warning.

The screen-reader user, keyboard user, or low-vision user encountering this issue does not get an error message. The page just stops working for them. Which is why this kind of bug rarely shows up in your error tracker; it shows up in support tickets, lawsuits, and abandoned conversions.

Why it fails WCAG

Cognitive accessibility users need warning + extension.

Map this back to 2.2.1 when you log the bug. Auditors and procurement teams expect that mapping; "broken" is not enough context.

The wrong pattern (avoid)

JavaScript

setTimeout(() => location.href = '/logout', 600000);

The right pattern (copy this)

JavaScript

// 9 minutes: warn
// 10 minutes: log out (unless extended)
showWarningDialog({ extend: () => resetTimer() });

Related fixes

How to fix: missing alt text on images

1.1.1

How to fix: low color contrast

1.4.3, 1.4.11

How to fix: form fields without labels

3.3.2, 1.3.1, 4.1.2

How to fix: missing H1 / wrong heading order

2.4.6, 1.3.1

How to fix: missing skip-to-main-content link

2.4.1

How to fix: keyboard trap in modal or widget

2.1.2

Find every accessibility issue on your site in 60 seconds.

Free public scan. No card. AI-generated fixes for every issue we find.

Run my free scan Compare plans