mikeash82 commented 5 years ago

@gavinwye commented on 31 Jan 2017

Originally discussed on HMRC internal Slack by @adamfenwick in collaboration with @roblav

@roblav commented on 9 Feb 2017

Feedback from Repayments project DAC report:

Page refresh

WCAG 2.0 References: Provide users with disabilities enough time to read and use content.

WCAG 2.0 reference 2.2 - Enough time https://www.w3.org/TR/WCAG20/#time-limits

Pages that are refreshed periodically can cause access problems for people with disabilities. Some with disabilities simply need more time to finish reading a page or completing a form. Refreshing the page before the user has finished using it can be a very frustrating experience; particularly if the session is reset and any interaction with the page, such as a partially completed form is lost.

Although we appreciate that session time-outs are important for security, these must not prohibit disabled users from using the website.

Result = Fail

A time-out was present that resulted in users being logged out after a certain time of inactivity. As it may take some users longer than others to complete tasks online, it is important that a warning is presented to inform of this functionality and where possible the option to extend this time.

High priority A

Technical Comment: Time-out without warning

Issue ID: DAC_TECH_Refresh_Issue1

Screen Shot: selection_014

There is a time-out feature present on the service that does not warn users that this is the case. This can prove disorienting for users; a warning must be provided and where possible the option to delay the time out.

Issue ID: DAC-USER-SRTB-T1-02

1) What type of issue did you experience? Time out function without warning for blind users.

2) Where was the issue? Please give the URL. Identified on the ‘happy path’ section (journey 1.)

Screen shot 2 showing time out message:

3) Describe the issue in detail and where it occurred on the page While attempting to enter account details, I found that blind Talkback users will be logged out without warning if no activity has been detected.

4) How did you work around this issue? There is currently no work around for this issue.

Solution

For each time limit that is set by the content, at least one of the following is true:

Turn off: The user is allowed to turn off the time limit before encountering it; or Adjust: The user is allowed to adjust the time limit before encountering it over a wide range that is at least ten times the length of the default setting; or Extend: The user is warned before time expires and given at least 20 seconds to extend the time limit with a simple action (for example, "press the space bar"), and the user is allowed to extend the time limit at least ten times; or Real-time Exception: The time limit is a required part of a real-time event (for example, an auction), and no alternative to the time limit is possible; or Essential Exception: The time limit is essential and extending it would invalidate the activity; or 20 Hour Exception: The time limit is longer than 20 hours.

@roblav commented on 9 Feb 2017

Here's the pattern that was created by Jen Rahman and Billy Adamson.

selection_016

We followed the guidance of Chris Moore, our very own Accessibility champion, about the implementation using a modal box, implementing our solution using the criteria that follows.

Make sure the modal dialog box is accessible

If you use a modal dialog box then you must make sure it is accessible by doing these things:
set the role attribute to 'dialog' - give the containing element of the dialogue the 'dialog' role. This will inform screen readers they’re dealing with a dialogue
on open, keyboard focus must be assigned to the dialogue (give it tabindex=-1 to allow this)
give the dialog a name using either aria-label (to put the name in an attribute) or aria-labelledby (to link it to the id of an element with its name like a heading) that is recognised by assistive technologies
whilst open, keyboard focus must be constrained within the dialogue
it must be possible to close the dialogue via a close button and/or with the escape key
on close, keyboard focus must be returned to the original point on the page
visually fade the underlying page whilst a modal dialogue is open. This helps users of screen magnifiers understand why they’re unable to interact with the underlying page
prevent scrolling of the underlying page whilst a modal dialog is open. The user should not be able to interact with the original page whilst it's open.
test thoroughly on a range of screen sizes to make sure they work properly

Online references

@feedmypixel commented on 9 Feb 2017

@roblav thanks for the contribution. Some comments we had in slack that are worth exposing in this issue:

IMO what is needed from session timeout:

explain when a user is logged out and why they have been logged out
if possible save data they have submitted in the journey so far
if possible return user to same place in journey before they were logged out when they log back in so any disruption is minimal

Thoughts:

if a user is not using the page then it should timeout (granted)
if a user is not using a page it's highly possible they will not see a modal window telling them they are going to timeout
the user doesn't know or care about the session
the user will be reassured we log out for security reasons after a period of time

To start with I'd ask what is the user need? and how can we address this in a progressive and accessible way?

A good read around modals

https://developer.appway.com/screen/ShowSingleRecipe/selectedRecipeId/1390246496349

@adamliptrot-oc commented on 9 Feb 2017

Whilst inline alerts described by the linked article are generally preferable to dialogs, the difference between this and the examples cited is that those examples are the result of direct user interaction triggering the dialog and user focus is on the particular part of the screen where the alert will be inlined. Here we are talking about something which is not a result of user interaction and needs to be brought front-and-centre for the user. For example, in the case of a user employing a screen magnifier, what would the solution be for an inline alert given the user might be quite literally focussed on a different part of the page?

In addition, the examples don’t have any major consequences if the user does not interact with the dialog, whereas in the case of the timeout they can be signed out.

What we don't want is for this dialog pattern to be taken as a reason to introduce more dialogs where inlined alerts would be preferable. So if progressed I think we'd need a set of preferred patterns developing to cover other instances where people might think to employ a dialog (such as those in the linked article).

@adamliptrot-oc commented on 9 Feb 2017

I think the 20-hour exemption quoted in https://www.w3.org/TR/WCAG20/#time-limits feels a little arbitrary. We’re currently running with an extended session timeout of 30 mins on our service and will be gathering data about how this additional time assists all users by preventing unwanted session ends.

@roblav commented on 9 Feb 2017

In response to your the above comments:

IMO what is needed from session timeout:

explain when a user is logged out and why they have been logged out

The content provided in the modal has been supplied by the content/design team, and has been approved by Chris Moore. It explains that it is for the users security that they will be signed out.

if possible save data they have submitted in the journey so far

This isn't an issue as they are still on the page, at the same point in the service.

if possible return user to same place in journey before they were logged out when they log back in so any disruption is minimal

This happens already as required by the criteria given in Make sure the modal dialog box is accessible - on close, keyboard focus must be returned to the original point on the page

@feedmypixel commented on 9 Feb 2017

In response to your the above comments:

@roblav thanks. My thoughts were about providing these needs without a modal. Then potentially there may be no need for one. The question for me is what is the original pain point for users and how we can mitigate against those, that was what my thoughts were around. Also if these things can be solved without JavaScript it makes it all the bit more resilient.

@timsb commented on 23 Feb 2017

Hi all, I found this this morning and thought it might be helpful - http://blog.barrierbreak.com/2017/02/14/modal-dialogs-and-accessibility-a-tricky-minefield/ It has some useful points on creating accessible modal windows but I must admit that the mailing list I got this from had the sub-heading 'Of course, the simplest solution is to stop using them'.

@david-mcdowell commented on 22 Mar 2017

Hi, I've recently created some new timeout screens for lost creds and 2SV registration.

Lost creds - the user will see this error during a lost credentials flow. I think the inactivity is set to 7 minutes lost-creds-timeout

2SV - this one is displayed when access code text (or call back) takes too long to arrive 2sv-timeout

@david-mcdowell commented on 22 Mar 2017

We also use this one in the IV journey, usually appears if the user takes too long to find evidence options. e.g. they've gone to find a payslip to prove their identity and it takes too long.

iv-timeout

@david-mcdowell commented on 22 Mar 2017

this one also got sent round the design team and I thought it was useful to inform my thinking.

passport-timeout-01

@alex16wake commented on 25 Jul 2017

On SCRS we have a modal window that someone else has mentioned and we used this because it has been approved for accessibility and tested well with users when we did some scenario testing. Example below

@stevenaproctor commented on 26 Jul 2017

I think we need to look at the content of all these suggestions. There is a lot of jargon that could be made simpler. Things like timeout, inactivity, session are web jargon.

For a modal, screen readers must announce the title and set focus to the link or button at the same time. Not all content may be read out.

Something like:

For your security, you will be signed out in 1 minute. <button>Stay signed in @gavinwye commented on 30 Aug 2017 ## Meeting notes ### Attendees - @roblav - @bethnoble - @gavinwye ### Notes - The work on the pattern to date has been done by @roblav without support from an interaction designer. We need to find people to support this side of the work. - The pattern will be owned by the pattern library and in time will be supported by the patterns working group. - @edwardhorsford at GDS has been working on a similar pattern. We prefer the design of this compared to our pattern but think we may have done more work to make the pattern accessible. - @chrismoorembe is doing an accessibility review of the two patterns. - We will try to combine the interface design of @edwardhorsford's pattern with the accessibility improvements of @roblav's version. - We need to ensure that the content for the pattern covers all services at HMRC. We will try to make the content as generic as possible adding additional content as necessary for individual services - We don't want to use terms like time out, interactivity and session as @stevenaproctor pointed out in his comment above. - Once we consider the pattern to be usable by a number of services we will review it again and submit the pattern to the HMRC working group for review and inclusion in the HMRC pattern library. - More user research is needed on the pattern. There has only been one round of research to date. However, as we will be iterating the design of the pattern we will need to ensure that the pattern is useful for users. - We will aim to upstream any useful work to the rest of Government. ### Actions - [ ] @gavinwye to help out from an interaction design perspective - [ ] @gavinwye to speak to @fred-jackson about supporting from a content design perspective - [ ] @roblav to build the pattern into the [design pattern's prototype](https://github.com/hmrc/design-patterns) - [ ] @fred-jackson to review content for the pattern and suggest content variations that meet the needs of HMRC services - [ ] @gavinwye to ensure that the interface and interaction design is consistent with the rest of government. @chrismoorembe commented on 31 Aug 2017 I’ve taken a look at the proposed GDS time-out modal with JAWS 17 for Windows, and the current versions of VoiceOver screen reader for Mac and iOS. The first thing that struck me about the modal is that it has been coded to use the <dialog> tag. This is great for ensuring it isn’t dependant on JavaScript, but fails to correctly work on those browsers that don’t fully support the dialog tag yet. The modal worked fine on Chrome, Firefox and the latest version of Safari on the Mac. Focus is moved to the action button to extend the session and there is a keyboard trap so non mouse users can’t stray outside the modal. When testing with IE11, the modal doesn’t behave completely as expected as there is no keyboard trap, and the button that has default focus is not automatically announced. Also, the modal completely falls over while using Safari on iOS. This is a deal breaker for me, as in the last GOV.UK assistive technology survey, both IE11 and Safari for iOS were the 2 most commonly used browsers with screen readers. Robert’s prototype worked across all browsers and assistive technologies and this was also independently tested by the Digital Accessibility Centre. I also feel that the content being used inside the modal is more verbose than it needs to be, and that having 3 actions falls short of simplicity. I also didn’t expect the ‘Cancel’ link to take me back to the GOV.UK home page. To keep things simple, I think there should be only one action within the modal to extend the time-out. The user should be able to trigger this by the escape key to dismiss the modal, activate the default action button by spacebar, enter, tap or mouse click. If the time out is extended, the user can either save their current information or continue with the application. If less idle the modal box will close the application and the user will b taken to a page that explains to the user what happened and why, and what they can do next. The timed out page on offer by GDS also enables the user to go back to the GOV.UK modal, so I feel that including ‘Cancel’ within the modal offers little value. The user also has the option to delete their data, but how this differs to the application being reset may not be clear to users. If the user chooses to leave the page, go back to the GOV.UK home page or close the application, we should automatically delete the data. The GDS wording for the time-out modal is: Alert:Your application will time out soon We will reset your application if you do not respond in 1 minute. We do this to keep your information secure. Useful additional information: you have not left the current page. If you close this modal, you will be able to continue with your current application. Continue application (button) Save application Cancel application Comment: This could be much simpler, less verbose and I don’t think real users will know what a modal is. Suggestion: "Alert:Your application will time out soon We will reset your application if you do not respond in 1 minute. We do this to keep your information secure. Continue using application (button)" When the user is finally kicked out for inactivity, they get the following message: <TITLE>You’ll have to start again

Your application has timed-out

We have reset your application because you did not do anything for 10 minutes. We did this to keep your information secure. If you don’t want to start again, you can Return to GOV.UKlink>Delete data Comment: We usually advise that the page title and H1 should mirror each other, but they don’t in this pattern. Has it been determined that 10 minutes is all we now need to allow before a product or service times out? We are currently giving 15 minutes on HMRC services The wording above refers to the service as an application. Is this wording being used because the service is enabling the user to apply for something? Are we able to amend the wording to meet our BTA/PTA needs? For example: “ You’ve been signed out

You’ve been signed out

We have signed you out of your account. because you did not do anything for 15 minutes. We did this to keep your information secure." I am not sure what timed out wording we are currently using within Robert’s prototypes, but I’ll leave the crafting to Steve and Fred. > On 30 Aug 2017, at 18:34, Gavin Wye wrote: > > Meeting notes > > Attendees > > @roblav > @bethnoble > @gavinwye > Notes > > The work on the pattern to date has been done by @roblav without support from an interaction designer. We need to find people to support this side of the work. > The pattern will be owned by the pattern library and in time will be supported by the patterns working group. > @edwardhorsford at GDS has been working on a similar pattern. We prefer the design of this compared to our pattern but think we may have done more work to make the pattern accessible. > @chrismoorembe is doing an accessibility review of the two patterns. > We will try to combine the interface design of @edwardhorsford 's pattern with the accessibility improvements of @roblav 's version. > We need to ensure that the content for the pattern covers all services at HMRC. We will try to make the content as generic as possible adding additional content as necessary for individual services > We don't want to use terms like time out, interactivity and session as @stevenaproctor pointed out in his comment above. > Once we consider the pattern to be usable by a number of services we will review it again and submit the pattern to the HMRC working group for review and inclusion in the HMRC pattern library. > More user research is needed on the pattern. There has only been one round of research to date. However, as we will be iterating the design of the pattern we will need to ensure that the pattern is useful for users. > We will aim to upstream any useful work to the rest of Government. > Actions > > @gavinwye to help out from an interaction design perspective > @gavinwye to speak to @fred-jackson about supporting from a content design perspective > @roblav to build the pattern into the design pattern's prototype > @fred-jackson to review content for the pattern and suggest content variations that meet the needs of HMRC services > @gavinwye to ensure that the interface and interaction design is consistent with the rest of government. > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub , or mute the thread . > @stevenaproctor commented on 31 Aug 2017 @gavinwye @bethnoble I worked with @roblav on the content of his alert and me and @rebekah-barry from DWP made suggestions to @edwardhorsford for GDS's. I totally agree with @chrismoorembe that the content is too long. Do people need that much explanation? Does it add value at that moment in time? We should avoid 'sorry' because we are not sorry, 'modal', 'timed out' or any kind of web jargon. There needs to be at least 2 versions: one for a service you are signed in to, and one where you are not. I have taken a look at the content we suggested and refined it a little. Hopefully this will help @fred-jackson. **For a service you are signed in to** Title: For your security, we will be sign you out of this service in 5 minutes. Any information you do not send or save will be deleted. Button: Stay signed in Link: Sign out The second sentence in the title is optional. If you have save and return you could say "Your details have been saved." The link should be under the green button not floating to the right of the button. That looks odd to me and means the button is on the left of the box and not full width like it is on a transaction page. **For a service you are not signed in to** Title: For your security, we will clear your details in 5 minutes. Button: Continue Link: Clear my details now Again, the link should be under the green button not floating to the right of the button. The link should take them to the service's start page. It is not logical to take them to GOV.UK because they may never have been there during their journey. **When you have been signed out** Again, there needs to be 2 versions of this. If they are signed in to the service: Title: You have been signed out H1: You have been signed out Paragraph: For your security, we signed you out of this service because you did not do anything for 15 minutes. Any information you did not send or save was deleted. Button: Sign in Again, the second sentence in the paragraph is optional and could say "Your details have been saved." if the service has save and return. If they are not signed in to the service: Title: You will have to start again H1: You will have to start again Paragraph: For your security, we cleared your details because you did not do anything for 15 minutes. Paragraph: If you do not want to start again, you can [explore GOV.UK](https://www.gov.uk). Button: Start again @edwardhorsford commented on 31 Aug 2017 Hi @chrismoorembe / @stevenaproctor @gavinwye , I worked on our modal design with @hannalaakso. She can hopefully take a look at the HMRC modal and your findings. Ideally we'd get the best of both. Our intention (and the bulk of the work) has been on accessibility. We've so far taken it through 2 rounds of user research, with 2 more to follow. So far it as worked very well, with some content tweaks in the last round. Understanding of it has been really high - everyone seems to know what 'timed out' means. Has anyone observed users using browser back when the modal opens? I'm planning adding something to the history when it opens so that if they do use browser back, they stay on the current page (and delete from history when closed). --- @chrismoorembe going through your comments in turn: > The first thing that struck me about the modal is that it has been coded to use the

stevenaproctor commented 5 years ago

I think this is covered by #30, #103 and #104. Do you think we should add our comments to those issues?

ghost commented 5 years ago

In relation to this, we have received a DAC report stating that we should be warning the user BEFORE this pattern even appears, that there is a timeout feature in place, potentially at the start of a service. Is this something that has been implemented elsewhere? Worth noting that this is a AAA standard, so classed as "low" priority, but none the less a becoming a more common comment in DAC reports.

edwardhorsford commented 5 years ago

In relation to this, we have received a DAC report stating that we should be warning the user BEFORE this pattern even appears, that there is a timeout feature in place, potentially at the start of a service. Is this something that has been implemented elsewhere? Worth noting that this is a AAA standard, so classed as "low" priority, but none the less a becoming a more common comment in DAC reports.

I'd be cautious about this - something to test. I've heard several times from other services that putting mention of things like this up front concerns / scares users. They frequently misunderstand the meaning of timeout - and for a 30 minute timeout think they'll have a limit of 30 minutes to complete their application rather than them needing to have 30 minutes of inactivity and have unlimited time overall.

Timeouts depend heavily on the service - for many services you can fill them in quickly and will rarely encounter the timeout - for these services, warning up front may unduly concern users where they wouldn't otherwise worry.

For services where you're more likely to encounter the timeout it's more important to talk about what information you might need up front and for the service team to consider how users might recover / continue their application (accounts, save & return, codes and whatnot).

terrysimpson99 commented 5 years ago

I'm happy to see the phrase "Ultimately the timeout will be for services to decide. I expect our guidance to be that it shouldn't be less than 15 minutes, ideally 30 minutes or more. ".

What would happen if we acted on that?

terrysimpson99 commented 4 years ago

There's a 30 minute timeout on the following service:

terrysimpson99 commented 4 years ago

There's a 1 hour timeout on

terrysimpson99 commented 4 years ago

The current timeout can result in user being timed out 121 seconds after being active (e.g. a key press). This is barely enough to answer the door, make a cup of tea, or have a call of nature. Has anyone developed a timeout (perhaps client-based) that measures user activity (key presses, mouse moves)?

titlescreen commented 4 years ago

@terrysimpson99 we have not. We show the timeout popup after 30 minutes. When we send someone off to verify we extend this to 60 minutes which allows almost all our users to try a couple of providers and hopefully get through.

hannalaakso commented 4 years ago

@mikeash82 Is this issue a duplicate of https://github.com/alphagov/govuk-design-system-backlog/issues/104 and https://github.com/alphagov/govuk-design-system-backlog/issues/103?

hannalaakso commented 4 years ago

Closing this as duplicate of https://github.com/alphagov/govuk-design-system-backlog/issues/104. Comments have been moved over to that issue.

alphagov / govuk-design-system-backlog

Service timeout #175

Page refresh

High priority A

Solution

Make sure the modal dialog box is accessible

A good read around modals

Your application has timed-out

You’ve been signed out