WCAG Guideline 2.2.5: Re-authenticating Explained
Guideline 2: Operable
The Operable principle ensures that all users can interact with and control web content, regardless of their abilities. This includes letting users continue their work after re-authenticating, such as after a session timeout.
Guideline 2.2: Enough Time
Guideline 2.2 focuses on making sure users have enough time and flexibility to complete tasks. Re-authenticating ensures users don’t lose their work if they need to log in again.
What Is Guideline 2.2.5 Re-authenticating?
"When an authenticated session expires, the user can continue the activity without loss of data after re-authenticating."
Guideline 2.2.5 Re-authenticating is a Level AAA requirement in the Web Content Accessibility Guidelines (WCAG).
- Users must be able to continue their activity after logging back in, without losing data.
- Applies to forms, shopping carts, and any activity interrupted by session timeouts.
- Supports users who need more time or are interrupted during tasks.
This ensures users can continue their activities without losing data, even if they need to re-authenticate.
For more, see Accessibility Considerations for Authentication Experiences (CapTech).
Why Does It Matter?
- Inclusivity: Session timeouts can cause data loss for users who need more time.
- Legal Compliance: Re-authenticating is a Level AAA requirement in WCAG 2.1 and 2.2.
- Usability: Prevents frustration and loss of work for all users.
For more, see W3C’s guidance on session timeouts.
What Needs to Support Re-authenticating?
- Online forms and checkouts
- Applications with session timeouts
- Any feature requiring authentication
All must allow users to continue without loss of data after logging back in.
How to Make Re-authenticating Accessible
- Preserve user data during re-authentication
- Allow users to resume activities without loss
- Document session policies
- Test with users who need more time
For more, see the W3C's Re-authenticating Techniques.
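One way to preserve user data during re-authentication without weakening the session timeout, shown as an added example that is not from the original page or from the W3C. It assumes the server still knows which account the expired session belonged to; the function names, the in-memory store and the 15-minute retention window are hypothetical.

```python
import secrets
import time

PENDING_TTL_SECONDS = 15 * 60   # assumed retention window for stashed submissions
_pending = {}                   # token -> record; stands in for a server-side store


def stash_pending(user_id, path, form, now=None):
    """Save a submission that arrived on an expired session; return an opaque token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # unguessable and carries no user data itself
    _pending[token] = {
        "user_id": user_id,             # account that owned the expired session
        "path": path,                   # page the submission was headed for
        "form": dict(form),             # copy, so later mutation cannot alter it
        "expires": now + PENDING_TTL_SECONDS,
    }
    return token


def resume_pending(token, user_id, now=None):
    """Return (path, form) after re-authentication, or None if it must not be restored."""
    now = time.time() if now is None else now
    record = _pending.get(token)
    if record is None:
        return None                     # unknown token or already used
    if now >= record["expires"]:
        del _pending[token]             # stale data is dropped, never restored
        return None
    if record["user_id"] != user_id:
        return None                     # another account logged in: no cross-user restore
    del _pending[token]                 # single use: the data is handed back once
    return record["path"], record["form"]
```

The restored values are meant to pre-fill the form for the user to review and submit again under the new session's CSRF token, not to be executed automatically on login.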
Common Mistakes to Avoid
- Data loss after session timeout
- No way to resume activities
- Not documenting session policies
- Not testing with users who need more time
Differences Between A, AA, and AAA for Guideline 2.2.5 in WCAG 2.2
- Level A: Not applicable for this guideline.
- Level AA: Not applicable for this guideline.
- Level AAA: Requires that users can continue activities without data loss after re-authenticating. This is the core requirement for 2.2.5 and is mandatory for AAA conformance.
For more, see the W3C’s official documentation for 2.2.5 Re-authenticating.
Quick Checklist
- User data is preserved during re-authentication
- Activities can be resumed without loss
- Session policies are documented
- Tested with users who need more time
Summary
Guideline 2.2.5 is essential for preventing data loss and supporting users who need more time. By preserving user data during re-authentication, you support users with disabilities, improve usability, and meet legal requirements. Test your site regularly and make session management a core part of your development process.