WCAG 2.2.1 — Timing Adjustable (Session Timeout with No Warning)

Who Is Affected

Users with cognitive disabilities who need more time to read and understand content, users with motor disabilities who take longer to navigate and input information, users with visual impairments using screen readers, and anyone working in a multi-step process who may be interrupted.

What This Means

When your website automatically ends a user's session (logs them out) after a period of inactivity, users must be warned beforehand and given the opportunity to extend their session. Many government sites have security-related timeouts for sensitive areas like payment systems or personal account dashboards.

The most common violation is a session that expires without warning, forcing users to start over and potentially lose their work. This creates significant barriers for users who need extra time due to their disability.

Fix: CMS / Theme

Most timeout issues stem from CMS security settings or authentication plugins that need configuration changes.

Joomla Fix

1. Go to System → Global Configuration → System.
2. Find the "Session Lifetime" setting (usually measured in minutes).
3. Either increase the timeout period to a reasonable duration (30+ minutes), or configure a warning system.
4. For warning implementation, install an extension like "Session Keep Alive" or "Auto Logout Warning".
5. Configure the warning to appear at least 20 seconds before timeout, with an option to extend the session.

WordPress Fix

1. For login timeouts: Go to Settings → General and check if a security plugin is controlling session length.
2. Common security plugins:
   • Wordfence: Go to Wordfence → Options → Login Security → adjust "Minutes until a user is locked out"
   • iThemes Security: Go to Security → Settings → Local Brute Force → configure "Minutes to Remember Bad Login"
3. Add timeout warning: Install a plugin like "Inactive Logout" or "WP Session Timeout".
4. Configure the plugin to show a warning dialog 60+ seconds before timeout with an "Extend Session" button.

Fix: Content Editor

For individual pages with embedded forms or interactive content:

1. Identify timed content: Look for forms, quizzes, or multi-step processes that might have built-in timeouts.
2. Contact your web vendor if timeout behavior is coded into specific pages or applications.
3. For third-party embedded content (payment processors, survey tools): Check their accessibility settings and ensure they provide timeout warnings.
4. Document the fix: Note which pages had timing issues so they can be retested after fixes are applied.

Standard Reference

WCAG 2.1 Success Criterion 2.2.1 — Timing Adjustable, Level A

For each time limit that is set by the content, at least one of the following is true: the user is allowed to turn off the time limit, adjust it, or extend it; or the user is warned of the time limit and given at least 20 seconds to extend it with a simple action.

• W3C Understanding SC 2.2.1
• WCAG Technique G133 — Providing a checkbox to extend session
• WCAG Technique G180 — Providing user control over time limits
• WCAG Technique SCR16 — Script warning before session expires
• WCAG Failure F40 — Using meta refresh with timeout
• WCAG Failure F41 — Using meta refresh to reload page