
Add security mention to Timing Adjustable and tweak Re-Authentication #4382


Open. Wants to merge 11 commits into base: main.
100 changes: 31 additions & 69 deletions understanding/20/re-authenticating.html
@@ -1,79 +1,74 @@
<!DOCTYPE html>
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8"></meta>
<meta charset="UTF-8"/>
<title>Understanding Re-authenticating</title>
<link rel="stylesheet" type="text/css" href="../../css/sources.css" class="remove"/>
</head>
<body>
<h1>Understanding Re-authenticating</h1>

<section id="brief">
<h2>In brief</h2>
<dl>
<dt>Goal</dt><dd>Users do not lose information or context due to reauthentication.</dd>
<dt>What to do</dt><dd>Preserve users' prior activity and data through reauthentication.</dd>
<dt>Why it's important</dt><dd>Some people may require additional time to complete an activity.</dd>
<dt>Why it's important</dt><dd>Some people may require additional time to complete an activity.</dd>
</dl>

</section>

<section id="intent">
<h2>Intent of Re-authenticating</h2>



<p>The intent of this success criterion is to allow all users to complete authenticated
transactions that have inactivity time limits or other circumstances that would cause
a user to be logged out while in the midst of completing the transaction.
</p>

<p>For security reasons, many sites implement an authentication time limit after a certain
period of inactivity. These time limits may cause problems for persons with disabilities
because it may take longer for them to complete the activity.
because it may take longer for them to complete the activity.
</p>

<p>Other sites will log a person out of a session if a person logs in on the website
from another computer or if other activities arise that make the site suspicious of
whether the person is still the same legitimate person who logged in originally. When
users are logged out while still in the midst of a transaction - it is important that
they be given the ability to re-authenticate and continue with the transaction without
the loss of any data already entered.

</p>


<p class="note">Sites that implement session time limits and re-authentication requests are
still subject to the requirements of other criteria, such as
<a href="timing-adjustable">2.2.1 Timing Adjustable</a>.
</p>
</section>

<section id="benefits">
<h2>Benefits of Re-authenticating</h2>



<ul>

<li>This success criterion benefits people who may require additional time to complete
an activity. People with cognitive limitations may read slowly and require additional
time to read and respond to a questionnaire. Users interacting via a screen reader
may need extra time to navigate and complete a complicated form.
may need extra time to navigate and complete a complicated form.
A person with motor impairments or who navigates with an alternative input device
may require additional time to navigate through or complete input within a form.
</li>

<li>In circumstances where a sign-language interpreter may be relating audio content to
a user who is deaf, control over time limits is also important.
</li>

</ul>

</section>

<section id="examples">
<h2>Examples of Re-authenticating</h2>

<dl>
<dt>A shopping site checkout</dt>
<dd>A user with extremely limited use of the hands is logged into a shopping site. It
takes so long to enter credit card information into the application that a time limit
occurs while the user is performing the checkout process. When the user returns to
the checkout process and submits the form, the site returns a login screen to re-authenticate.
<dd>A user is logged into a shopping site. While in the middle of the checkout process, the user
is interrupted and has to leave their computer. While they are away, the site prompts the user
that the process is about to time out, and offers the ability to extend the timeout – but with
the user away, the timeout is not extended and the user is logged out. When the user returns to
the computer, they have to re-authenticate.
After the user logs in, the check out process is restored with the same information
and at the same stage. The user did not lose any data because the server had temporarily
accepted and stored the submission even though the session had timed out and restored
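Review bot: the retained explanation that follows the rewritten shopping-site example no longer matches it. The removed text had the user return and "submit the form" after the time limit, which is what "the server had temporarily accepted and stored the submission even though the session had timed out" refers to; the new text has the user walk away mid-checkout with nothing submitted, so there is no submission for the server to have accepted. Reword the retained sentence to describe what was actually preserved, for example "because the site had stored the partially completed checkout data when the session timed out", so the scenario and its explanation agree. Minor: "transaction - it is important" in the intent paragraph uses a spaced hyphen where a comma (or a proper dash) is meant.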
Expand All @@ -85,94 +80,61 @@ <h2>Examples of Re-authenticating</h2>
remains intact and, after re-authentication, the user may send that data.</dd>
<dt>A questionnaire with a time limit</dt>
<dd>A long questionnaire provided within a single web page has information at the beginning
that indicates that the session will time out after 15 minutes. The user is also informed
that indicates that the session will time out after 20 hours. The user is also informed
that the questionnaire can be saved at any point and completed at a later time. Within
the web page there are several buttons provided to save the partially completed form.
In addition, with JavaScript in the list of accessibility-supported content technologies
that are relied upon, the user can elect to be alerted via a pop-up if the session
is close to timing out.</dd>
</dl>

</section>

<section id="resources">
<h2>Resources for Re-authenticating</h2>


</section>

<section id="techniques">
<h2>Techniques for Re-authenticating</h2>



<section id="sufficient">
<h3>Sufficient Techniques for Re-authenticating</h3>



<ul>

<li>

<p>
Providing options to continue without loss of data using one of the following techniques:
</p>

<p>Providing options to continue without loss of data using one of the following techniques:</p>
<ul>

<li>

<a href="../Techniques/general/G105" class="general">Saving data so that it can be used after a user re-authenticates</a>

</li>

<li>

<a href="../Techniques/general/G181" class="general">Encoding user data as hidden data in re-authorization page</a>

</li>

</ul>

</li>

</ul>

<div class="note">

<p>Refer to
<p>Refer to
<a href="timing-adjustable#techniques" class="understanding">Techniques for Addressing Success Criterion 2.2.1</a> for techniques related to providing notifications about time limits.

</p>

</div>

</section>

<section id="advisory">
<h3>Additional Techniques (Advisory) for Re-authenticating</h3>


</section>

<section id="failure">
<h3>Failures for Re-authenticating</h3>



<ul>

<li>

<a href="../Techniques/failures/F12" class="failure">Failure due to having a session time limit without a mechanism for saving user's input
and re-establishing that information upon re-authentication
</a>

</li>

</ul>

</section>

</section>

</body>
</html>
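Review bot: the change from "15 minutes" to "20 hours" in the questionnaire example is not explained anywhere in the hunk, and it changes the character of the example. A 20-hour session for a single-page questionnaire is an unusually long authenticated session, which sits awkwardly beside the intent section's statement that time limits exist "for security reasons", and the surrounding text (save buttons, a pop-up warning when the session "is close to timing out") reads as written for a short limit. If the intent is to align the figure with the 20-hour threshold used by 2.2.1 Timing Adjustable, say so in the commit message and consider adding a sentence in the example explaining why re-authentication still matters at that length; otherwise keep a short, realistic value. The remaining changes in this hunk (collapsing the duplicated "Providing options to continue without loss of data" paragraph and the whitespace-only "Refer to" tweak) look fine.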