WCAG 2.2.5 requires that when an authenticated session expires, users can re-authenticate and continue their activity without losing any data they had entered. This criterion is critical for users with disabilities who may need more time to complete tasks and must not be penalized by session timeouts that erase their work.

WCAG 2.2.5: Re-authenticating

WCAG 2.2.6 requires that users are warned about data loss due to inactivity timeouts, and that any such timeout lasts at least 20 hours unless the data is preserved. This protects users with cognitive disabilities, motor impairments, and others who need more time to complete tasks.

Session Management

WCAG 2.2.5: Re-authenticating

WCAG 2.2.6: Timeouts