UX Patterns Guide
UI + UX Error Prevention And Recovery established

Session timeout warning

Track server-backed idle and absolute session boundaries, warn users before expiry with remaining time and consequence copy, provide allowed extension, save, sign-out, or reauthentication actions, preserve recoverable work, and restore users to the intended task after reauthentication.

Open in lab Compare alternatives
Decision first

Choose this pattern when the problem matches

Use when

  • An authenticated session can expire because of inactivity, overall lifetime, assurance policy, or reauthentication requirement.
  • Timeout could interrupt meaningful work, expose private data, or cause confusing failures.
  • The product can warn before expiry and offer at least one honest extension, save, reauthentication, or sign-out path.
  • Users need to know whether their progress will survive a timeout.

Avoid when

  • There is no authenticated session boundary and the issue is ordinary navigation away.
  • The user lacks authorization while still signed in.
  • A background save can fully preserve work and no session-facing action is needed before expiry.
  • The message is a broad outage or maintenance notice.
  • Security policy requires immediate termination with no user-facing delay; show signed-out recovery instead.

Problem it prevents

Authenticated products can expire idle or long-running sessions without enough warning, causing loss of work, privacy exposure, confusing access errors, duplicate submissions, or failed reauthentication recovery.

Pattern anatomy

What a strong implementation has to make clear

User need

The product has authenticated sessions with idle timeout, absolute timeout, public-device risk, assurance-level requirements, or reauthentication policy.

Pattern promise

Track server-backed idle and absolute session boundaries, warn users before expiry with remaining time and consequence copy, provide allowed extension, save, sign-out, or reauthentication actions, preserve recoverable work, and restore users to the intended task after reauthentication.

Required state

Active session with no warning.

Recovery path

The countdown shows time remaining after the server has already expired the session.

Access contract

Warn users early enough to respond and avoid relying on a rapidly changing countdown as the only information.

Quality bar

The difference between expert and weak execution

Strong implementation

Specific, visible, recoverable

  • A benefits form shows Your session will end in 2 minutes, says the draft is saved, and offers Stay signed in, Save and sign out, and Sign out.
  • A banking session requires reauthentication, keeps entered transfer details hidden but preserved, and returns to review after the user verifies again.
  • A user pauses while gathering documents, sees the remaining time, extends the session once, then saves the draft before policy requires reauthentication.
  • A public-computer user ignores the warning and the product signs out, hides private content, and offers sign-in that restores only the allowed draft state.
Weak implementation

Vague, hidden, hard to recover from

  • The app logs out after 15 minutes with no countdown and clears a long form.
  • A banner says Session expiring soon but does not say when, whether work is saved, or how to continue.
  • A user returns from a phone call to find the form gone and a generic access denied page.
  • A user clicks Stay signed in, but the server session is already expired and the next submit fails without preserving the answers.
UI guidance
  • Show a visible countdown or clear expiry time before inactivity, absolute session, or reauthentication limits can interrupt work; place the warning near the current task or as a focused dialog when immediate action is required.
  • Offer only policy-valid actions such as Stay signed in, Save draft, Finish now, Reauthenticate, or Sign out, and state what work is saved, local-only, pending, or at risk.
UX guidance
  • Use session timeout warning to balance security, privacy, accessibility, and continuity when an authenticated session is about to expire or require reauthentication.
  • Protect user effort by warning before expiry, preserving work where possible, and returning users to the same task after reauthentication instead of treating timeout as a generic failure.
Implementation contract

What the implementation must handle

States

  • Active session with no warning.
  • Early idle warning with remaining time and current save state.
  • Imminent timeout dialog with Stay signed in or policy-valid action.
  • Extension in progress state tied to server confirmation.

Interaction

  • The warning is driven by the authoritative session or identity state, not only a local countdown.
  • Remaining time updates are readable and do not steal focus repeatedly.
  • Stay signed in, extend session, or reauthenticate actions make a server-confirmed request and update the warning outcome.
  • Save draft keeps recoverable work before expiry and tells users whether the save completed, failed, or remains local.

Accessibility

  • Warn users early enough to respond and avoid relying on a rapidly changing countdown as the only information.
  • Use visible text for remaining time, consequence, and action; do not rely on color, motion, or icon-only signals.
  • Use polite status updates for early warnings and a focused dialog only when expiry is imminent and action is required.
  • Avoid announcing every countdown tick; announce meaningful thresholds and action outcomes.

Review

  • Which boundary is approaching: idle timeout, absolute timeout, reauthentication, or sign-out policy?
  • Is the displayed countdown tied to the server or identity provider?
  • What work is saved, pending, failed, local-only, submitted, or at risk?
  • What action is actually allowed: extend, save, reauthenticate, finish, or sign out?
Interactive lab

Inspect the states before you copy the pattern

Protect work before timeout

Move a benefits form through early warning, imminent timeout, extension, save draft, reauthentication, expiry, and restored return states; compare no warning, vague timer, client-only extension, data loss, privacy leak, and alert-loop failures.

Session timeout warning
Interactive demo is ready

Launch the live UI/UX lab when you want to inspect states, keyboard behavior, and common failure modes.

State To Inspect

Active session with no warning.

Keyboard / Access

Early warning controls appear in normal tab order without moving focus away from the current field.

Avoid Generating

Using a client-only timer that disagrees with the server session.
Evidence trail

Source-backed claims behind this guidance

NIST SP 800-63B Session Management

National Institute of Standards and Technology - checked

NIST documents inactivity timeout, overall timeout, and reauthentication reset behavior.

Full agent/debug reference

Problem Context

  • The product has authenticated sessions with idle timeout, absolute timeout, public-device risk, assurance-level requirements, or reauthentication policy.
  • Users may be filling forms, reviewing payments, uploading files, editing content, approving records, or reading private data when inactivity occurs.
  • A timeout can affect security and privacy as well as task continuity, especially on shared devices or sensitive data surfaces.
  • The product can determine the authoritative session boundary from the server or identity provider rather than from a client-only timer.

Selection Rules

  • Choose session timeout warning when the session is approaching an inactivity, absolute, device-lock, or reauthentication boundary that can interrupt authenticated work.
  • Show the warning before the boundary, with enough time for users who need more time to respond, save, or reauthenticate.
  • State the remaining time or expiry time, the consequence of expiry, and the status of current work.
  • Use a modal or alertdialog when expiry is imminent and the next action must be chosen before continuing; use inline or banner status for earlier, less urgent warnings.
  • Use exit warning when the user initiates departure; use session timeout warning when the system initiates a session boundary because of time or policy.
  • Use autosave form to preserve progress continuously; still warn when pending or failed saves make timeout risky.
  • Use permission denied state when the user is authenticated but lacks authorization, not when the session has expired.
  • Do not offer Stay signed in when policy requires reauthentication or absolute termination; offer Save draft, Reauthenticate, or Sign out instead.
  • After timeout, route users to sign in or reauthenticate and return to the original task with preserved data where policy and architecture allow.
  • Treat public-device and high-risk flows carefully: hide private content after expiry, avoid leaking form values on signed-out pages, and disclose what remains recoverable.

Required States

  • Active session with no warning.
  • Early idle warning with remaining time and current save state.
  • Imminent timeout dialog with Stay signed in or policy-valid action.
  • Extension in progress state tied to server confirmation.
  • Extension succeeded state that resets the displayed timer.
  • Extension failed or expired state that routes to reauthentication.
  • Absolute timeout or policy-required reauthentication state.
  • Saved draft before timeout state.
  • Timed-out signed-out state with private content hidden.
  • Reauthenticated return state that restores the intended task and preserved work.

Interaction Contract

  • The warning is driven by the authoritative session or identity state, not only a local countdown.
  • Remaining time updates are readable and do not steal focus repeatedly.
  • Stay signed in, extend session, or reauthenticate actions make a server-confirmed request and update the warning outcome.
  • Save draft keeps recoverable work before expiry and tells users whether the save completed, failed, or remains local.
  • If the session expires, private content is hidden and the next path is sign in or reauthenticate, not retrying the expired action blindly.
  • After successful reauthentication, users return to the same route, step, record, or review state when policy allows.
  • The warning never promises preservation or extension that the security policy cannot deliver.

Implementation Checklist

  • Define idle timeout, absolute timeout, reauthentication threshold, extension limits, public-device behavior, and post-timeout retention policy with security owners.
  • Use server or identity-provider expiry information to schedule warnings and verify extension success.
  • Choose warning thresholds that leave time to read, save, extend, or reauthenticate, including users who need more time.
  • Track work state separately from session state: clean, dirty, pending save, save failed, saved draft, submitted, and unrecoverable.
  • Make Stay signed in, Save draft, Reauthenticate, and Sign out distinct actions with clear outcomes.
  • Hide or clear sensitive UI after expiry while preserving allowed draft references or return targets.
  • Announce imminent timeout and extension results without causing repeated screen reader interruptions.
  • Test server-expired token, client clock skew, multiple tabs, backgrounded mobile app, failed extension, absolute timeout, saved draft return, reauthentication return, and shared-device sign-out.

Common Generated-UI Mistakes

  • Using a client-only timer that disagrees with the server session.
  • Showing Session expiring soon without a time, consequence, or action.
  • Logging users out without preserving form work that could have been saved.
  • Offering unlimited extension where policy requires reauthentication or termination.
  • Treating timeout as access denied, not found, generic error, or retryable network failure.
  • Leaving private content visible behind a timed-out overlay on shared devices.
  • Interrupting users repeatedly with countdown announcements every second.

Critique Questions

  • Which boundary is approaching: idle timeout, absolute timeout, reauthentication, or sign-out policy?
  • Is the displayed countdown tied to the server or identity provider?
  • What work is saved, pending, failed, local-only, submitted, or at risk?
  • What action is actually allowed: extend, save, reauthenticate, finish, or sign out?
  • What happens after expiry to private content and the user's return target?
  • Can users who need more time perceive the warning and respond before the session ends?
Accessibility
  • Warn users early enough to respond and avoid relying on a rapidly changing countdown as the only information.
  • Use visible text for remaining time, consequence, and action; do not rely on color, motion, or icon-only signals.
  • Use polite status updates for early warnings and a focused dialog only when expiry is imminent and action is required.
  • Avoid announcing every countdown tick; announce meaningful thresholds and action outcomes.
  • Keep Stay signed in, Save draft, Reauthenticate, and Sign out controls keyboard reachable with clear labels.
  • After reauthentication, return focus to the task location or recovery message, not the top of an unrelated page.
Keyboard Behavior
  • Early warning controls appear in normal tab order without moving focus away from the current field.
  • An imminent timeout dialog moves focus to the heading or safest action and traps focus only while the dialog is active.
  • Escape should not silently dismiss the only warning if expiry is imminent; it may choose Continue working only when policy allows extension.
  • Stay signed in, Save draft, Reauthenticate, and Sign out activate with Enter or Space.
  • After extension success, focus returns to the previously focused control or a stable status region.
  • After timeout and reauthentication, focus returns to the restored task step when possible.
Variants
  • Idle timeout countdown
  • Absolute session timeout warning
  • Stay signed in dialog
  • Reauthentication required warning
  • Save before timeout warning
  • Public computer timeout
  • Multiple-tab session warning
  • Mobile background timeout
  • Timed-out return-to-task recovery

Verification

Last verified: