Goal
Prevent users from losing work when a session expires.
Success Criterion · WCAG 2.2.5
Re-authenticating
When an authenticated session expires, the user can continue the activity without loss of data after re-authenticating.
Level AAAWCAG 2.0Operable2.2 · Enough Time
Copy button ready
What to do
When re-authentication is required, allow users to continue the activity without losing data after re-authenticating.
Why it matters
Users may need more time; session expiration can cause data loss and force restarts.
Success criterion
What WCAG 2.2.5 requires
Summarized directly from the official Understanding document so teams can quote the requirement accurately.
When an authenticated session expires, the user can continue the activity without loss of data after re-authenticating.
Intent
Why WCAG created this requirement
- Session expiration should not erase user work.
- Re-auth should restore the user to the same state.
- This improves accessibility and reduces frustration and abandonment.
Benefits
Who gains when you pass
- Users with disabilities who need more time do not lose progress.
- All users benefit from draft preservation and smoother re-auth flows.
- Users on unstable networks can recover without restarting.
Why it matters
User impact when this criterion fails
Summaries drawn from the Understanding document help you socialize impact statements with product stakeholders.
Users may lose long-form entries when sessions expire.
Users may abandon processes due to repeated restarts and frustration.
Overview
If a user’s authenticated session expires, they should be able to log back in and continue the activity where they left off without losing entered data. This is especially important for long forms, applications, and complex workflows.
- Autosave drafts and preserve form state locally or server-side.
- After login, return users to the same page and restore inputs.
- Provide warnings before expiration where possible (see 2.2.1 and 2.2.6).
Reference: All summaries and highlights originate from Understanding WCAG 2.2.5 and the W3C quick reference.
Fast facts
- Conformance level
- Level AAA
- WCAG version introduced
- WCAG 2.0
- Principle
- Operable
- Guideline
- 2.2 · Enough Time
Examples
Make success tangible for teams
Share pass/fail snapshots to coach designers, engineers, QA, and content authors.
Long form
Pass
User re-authenticates and returns to the form with all fields preserved.
Fail
User re-authenticates and the form is blank, requiring re-entry.
Draft autosave
Pass
Draft saved periodically and restored after login.
Fail
No draft storage; timeout means lost work.
Evidence to keep
Document conformance decisions
Capture artifacts for VPATs, procurement reviews, and regression testing.
- Document session handling and state persistence strategy.
- Capture evidence of re-auth flow preserving user-entered data.
Official resources
Deep dives and supporting material
Keep these links handy when writing acceptance criteria or responding to audits.
Implementation checklist
Capture progress and blockers
- Implement draft saving for long-running activities.
- Detect session expiration and redirect to re-auth without wiping state.
- After re-auth, restore the previous route and activity state.
- Ensure security requirements are met without sacrificing data preservation.
- Provide clear messaging: what happened and how to continue.
Testing ideas
Prove conformance with evidence
- Start an authenticated activity and enter data.
- Force session expiration and verify user is prompted to re-auth.
- Re-authenticate and verify the activity resumes with data intact.
- Test across browsers and refresh scenarios.
Related success criteria