Caution
This document is an English translation of the “freee Accessibility Guidelines.” The normative version of this document is in Japanese, and the English version is informational. The English translation is incomplete, and any links with their link texts left in Japanese are untranslated. Please be aware that there may be inaccuracies in the translation or parts that are outdated.
Login Sessions
These guidelines are about login session management.
Expiration of Login Sessions
Do not set an expiration date for login sessions. If you set an expiration date, meet at least one of the following criteria:
Removal: Users can remove the expiration date when they log in.
Adjustment: Users can adjust the expiration date by at least 10 times the default setting when they log in.
Extension: Users are warned before the expiration date and can extend the expiration date at least 20 seconds before the expiration date by performing a simple operation such as “pressing the space key”.
Essential exceptions: The expiration date is essential, and extending the expiration date will disable the operation of the content.
20-hour exception: The expiration date is longer than 20 hours.
- Target Platforms
Web, Mobile
- Intent
Ensure that users can use services without problems even when it takes time to read or understand content or to perform input operations.
- Corresponding Success Criteria of WCAG 2.1
Success Criterion 2.2.1 (Level A): Timing Adjustable
Success Criterion 2.2.3 (Level AAA): No Timing
- Supplementary Information
Checklist Items
Check ID: 1321
The login session is not set with an expiration time. Or, it meets one of the following conditions:
At the time of login, the user can disable the expiration setting. Or,
At the time of login, the user can significantly adjust the expiration time to exceed at least ten times the default setting. Or,
The user is warned before time expires, and with at least 20 seconds of grace, for example, by pressing the space bar, the user can extend the expiration time more than ten times. Or,
The expiration time is essential, and extending it would invalidate the content’s functionality. Or,
The expiration time is longer than 20 hours.
- Applicable Stages
Design
- Target Platforms
Web, Mobile
- Severity
[MAJOR]
Continuing Operation After Exceeding Time Limit
Ensure that users can continue their operation without losing data even after re-authentication when a login session has expired.
- Target Platforms
Web, Mobile
- Intent
Ensure that users can use services without problems even when it takes time to read or understand content or to perform input operations.
- Corresponding Success Criteria of WCAG 2.1
Success Criterion 2.2.5 (Level AAA): Re-authenticating
- Supplementary Information
Checklist Items
Check ID: 1381
If the login session times out, users can continue their operations without losing data after re-authentication.
- Applicable Stages
Design
- Target Platforms
Web, Mobile
- Severity
[NORMAL]