
2.2.5 Re-authenticating

When an authenticated session expires, users must be able to continue their activity after re-authenticating without losing data.

By Calling All Minds · Last updated April 2026

Success criterion: 2.2.5

Conformance level: AAA

Enhanced accessibility — beyond the legal minimum.

What it means

Session timeouts are a practical security measure, but they should not result in users losing their work. When a session expires and a user re-authenticates, their data must still be there.

This is particularly important for users who take longer to complete tasks and for users who are interrupted mid-task.

In practice

Save form data and session state server-side before the session expires.

After re-authentication, redirect users back to exactly where they were with their data intact.

Where possible, use browser storage or drafts to preserve work client-side as a fallback.
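The sketch below is an added example, not code from this guide or from AXS Audit. It shows the server-side half of these steps with two safeguards: the draft is keyed to the user rather than the session, so a different person logging in cannot receive it, and the return path is validated so the post-login redirect stays on the same site. `DraftStore`, `autosave`, `resume_after_login`, `safe_return_path`, the 24-hour retention and the sample data are all assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

DRAFT_TTL = 24 * 3600  # assumed retention for saved drafts, in seconds

class DraftStore:
    """In-memory stand-in for a server-side table keyed by user, not by session ID."""
    def __init__(self):
        self._drafts = {}

    def save(self, user_id, path, fields, now):
        self._drafts[(user_id, path)] = (dict(fields), now + DRAFT_TTL)

    def restore(self, user_id, path, now):
        fields, expires = self._drafts.get((user_id, path), ({}, 0))
        if expires < now:
            self._drafts.pop((user_id, path), None)  # drop stale drafts
            return {}
        return fields

def safe_return_path(candidate, default="/"):
    """Allow only a local absolute path so the post-login redirect stays on this site."""
    if not candidate or not candidate.startswith("/") or candidate.startswith("//"):
        return default
    if "\\" in candidate or any(ord(c) < 32 for c in candidate):
        return default
    parts = urlsplit(candidate)
    return default if (parts.scheme or parts.netloc) else candidate

def autosave(store, session, path, fields, now=None):
    """Called while the session is still valid; an expired session saves nothing."""
    now = time.time() if now is None else now
    if session["expires_at"] <= now:
        return False
    store.save(session["user_id"], path, fields, now)
    return True

def resume_after_login(store, user_id, return_to, now=None):
    """After re-authentication: same page, and only the logging-in user's own draft."""
    now = time.time() if now is None else now
    path = safe_return_path(return_to)
    return {"redirect": path, "fields": store.restore(user_id, path, now)}

# Constructed sample data: alice edits a checkout form, her session then expires.
if __name__ == "__main__":
    store = DraftStore()
    autosave(store, {"user_id": "alice", "expires_at": 1000}, "/checkout/address",
             {"street": "1 Example Road"}, now=900)
    print(resume_after_login(store, "alice", "/checkout/address", now=1200))
    print(resume_after_login(store, "bob", "/checkout/address", now=1200))
```
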

Common failures

  • Form data cleared after a session timeout, requiring the user to start again
  • Shopping basket emptied when the session expires mid-checkout

AXS Audit

AXS Audit checks your site against 2.2.5 and flags issues your team can act on straight away. It covers criteria that automated scanners often miss.
