| UI or UX | UI + UX - Authenticated-session expiry and reauthentication boundary warning | UI + UX - Attempted-departure safeguard for unrecoverable in-progress work | UI + UX - Background-saving form progress | UI + UX - Authorization and access-boundary state |
| --- | --- | --- | --- | --- |
| UI guidance | Show a visible countdown or clear expiry time before inactivity, absolute session, or reauthentication limits can interrupt work; place the warning near the current task or as a focused dialog when immediate action is required. | Show a warning only when the user attempts to leave with real unsaved, pending, failed, or unrecoverable work; place in-app route warnings at the point of departure with Save and leave, Discard and leave, and Stay editing choices. | Render a clear autosave message before users start, then keep a persistent status surface for Pending, Saving, Saved with timestamp, Failed, Retry, and unsafe-to-leave states. | Show the blocked object or action, current account, permission level, required role, owner, and request path when revealing that information is allowed. |
| UX guidance | Use a session timeout warning to balance security, privacy, accessibility, and continuity when an authenticated session is about to expire or require reauthentication. | Use an exit warning to interrupt an attempted departure that would lose work, context, payment state, upload progress, or session-bound data the product cannot safely recover. | Use autosave when losing progress would hurt and background persistence is safer than making users hunt for a distant Save button. | Use a permission denied state when the system knows the user is authenticated but their role, group, share, license, policy, or approval status blocks a specific object or action. |
| Good UI | A benefits form shows "Your session will end in 2 minutes", says the draft is saved, and offers "Stay signed in", "Save and sign out", and "Sign out". | A grant form user clicks Back with two unsaved answers; a dialog names the changed section and offers "Save and leave", "Discard and leave", or "Stay editing". | A long application step says the application is saved on every change, shows "Saving" after an edited title blurs, then shows "Draft saved just now" with a timestamp. | A report page says "Quarterly revenue report requires Finance viewer access", shows the current account, names the report owner, and offers "Request access" and "Switch account". |
| Bad UI | The app logs out after 15 minutes with no countdown and clears a long form. | Every navigation shows "Are you sure you want to leave?" even after the form is saved. | A form removes the Save button and shows no save status, leaving users unsure whether typed answers are safe. | A denial page says "Something went wrong" and shows "Retry" even though the user lacks a required group. |
| Good UX | A user pauses while gathering documents, sees the remaining time, extends the session once, then saves the draft before policy requires reauthentication. | A user starts to close a tab after a failed autosave, sees the risk before leaving, stays on the page, retries the save, and then leaves without another warning. | A user writes a long answer, pauses, sees "Saving", then sees "Draft saved just now" and can leave knowing the draft is recoverable. | A user opens a restricted report, sees which account is signed in, requests viewer access with a reason, then sees that the request is pending with the owner. |
| Bad UX | A user returns from a phone call to find the form gone and a generic access denied page. | A user clicks a sidebar link after typing a long answer and loses it because the product only watched final Submit. | A user leaves after seeing an old saved message, but the newest field was never persisted. | The app returns a blank screen for a restricted file, so the user cannot tell whether the file is gone, private, or opened with the wrong account. |
| Best fit | An authenticated session can expire because of inactivity, overall lifetime, assurance policy, or reauthentication requirement. | Users have unsaved or pending changes that cannot be recovered if they leave. | Users spend meaningful time entering form content or application progress. | A signed-in user lacks permission to view, edit, publish, export, delete, approve, share, administer, or configure a resource. |
| Avoid when | There is no authenticated session boundary and the issue is ordinary navigation away. | The page is clean, read-only, or all changes are safely saved and recoverable. | The form is short enough that a visible manual Save or Submit is clearer. | The user is not signed in and the next step is authentication rather than authorization. |
| Required state | Active session with no warning. | Clean state with no exit warning attached. | Initial state that explains progress will be saved automatically. | Whole-object access denied state. |
| Accessibility burden | Warn users early enough to respond and avoid relying on a rapidly changing countdown as the only information. | Use a real dialog or alertdialog for in-app warnings, with a heading that names the loss risk. | Expose autosave status changes in a polite status region so assistive technology users hear Saving, Saved, and Failed states. | Use a heading that identifies the access boundary and a text description that does not rely on lock icons or red color alone. |
| Common misuse | Using a client-only timer that disagrees with the server session. | Warning on every navigation regardless of whether work is dirty. | Removing the Save button while providing no autosave status. | Treating authorization denial as a generic retryable error. |
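
The session-expiry column names three boundaries (inactivity, absolute lifetime, reauthentication) and lists a client-only timer that disagrees with the server as a common misuse. The sketch below is an added example, not code from the original page: it derives the warning state from limits reported by the server and corrects for device clock skew. The response field names (`serverNow`, `idleExpiresAt`, `absoluteExpiresAt`, `reauthAt`) and the two-minute warning window are assumptions.

```javascript
// Added example. Field names (serverNow, idleExpiresAt, absoluteExpiresAt,
// reauthAt) are assumptions; all times are epoch milliseconds.
const WARN_BEFORE_MS = 2 * 60 * 1000; // constructed warning window

function sessionWarningState(status, receivedAtMs, clientNowMs) {
  // Translate the client clock into server time using the offset observed
  // when the status response arrived, so a skewed device clock cannot
  // shift the countdown.
  const serverNowMs = clientNowMs + (status.serverNow - receivedAtMs);

  const limits = [
    { kind: "inactivity", at: status.idleExpiresAt, extendable: true },
    { kind: "absolute", at: status.absoluteExpiresAt, extendable: false },
    { kind: "reauthentication", at: status.reauthAt, extendable: false },
  ].filter((limit) => Number.isFinite(limit.at));

  if (limits.length === 0) {
    return { phase: "active", kind: null, remainingMs: null, canExtend: false };
  }
  // The earliest boundary is the one that will interrupt the user.
  const next = limits.reduce((a, b) => (b.at < a.at ? b : a));
  const remainingMs = Math.max(0, next.at - serverNowMs);

  let phase = "active";
  if (remainingMs === 0) phase = "expired";
  else if (remainingMs <= WARN_BEFORE_MS) phase = "warning";

  // Only an inactivity limit can be pushed back by "Stay signed in".
  const canExtend = phase === "warning" && next.extendable;
  return { phase, kind: next.kind, remainingMs, canExtend };
}

// Constructed sample: the device clock runs 10 s behind the server.
const beforeExtend = { serverNow: 1_000_000, idleExpiresAt: 1_900_000, absoluteExpiresAt: 1_960_000 };
const afterExtend = { serverNow: 1_800_000, idleExpiresAt: 2_700_000, absoluteExpiresAt: 1_960_000 };
console.log(sessionWarningState(beforeExtend, 990_000, 1_790_000));
console.log(sessionWarningState(afterExtend, 1_790_000, 1_840_000));
```

In the second sample the inactivity limit has been extended, so the absolute lifetime becomes the next boundary and the warning should offer saving and signing out rather than "Stay signed in".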