Login Functionality Testing - Critical Test Cases for Secure Authentication and Session Management
Login functionality is a cornerstone of web application security. This guide provides essential test cases to validate authentication processes, session behavior, logout handling, and login-related security measures. It covers general login/logout functionality across platforms and devices. For more focused testing, refer to the dedicated sub-pages covering Login Page Testing and User Registration Testing.
| Nr | Test Idea |
|---|---|
| 1 | Check that the user is redirected to the correct page after login |
| 2 | Check that the password value is not kept anywhere in the browser data (network traffic/cookies) |
| 3 | When a logged-in user copies the URL and opens it in another browser, they should be redirected to the login page |
| 4 | Check whether it should be possible to log in as the same user from multiple devices at the same time |
| 5 | Check whether any notifications should be sent out when there is a login from a new device |
| 6 | Check how many login attempts a user can make before the account is locked |
| 7 | Check how long the account should stay locked once the maximum number of attempts is reached |
| 8 | Check that a maximum session time is implemented |
| 9 | Check that the user is redirected to the login page after the session time expires |
| 10 | If users can be marked as inactive in the system, check that they are not able to log in |
| 11 | Check that it is not possible to log in with previous passwords after changing the password |
| 12 | Check that the user is redirected to the correct page after logout |
| 13 | Check that, after logging out, pressing the back button redirects the user to the login page |
| 14 | Check that the user is logged out from all devices when logging out from one device |
| 15 | Check that incorrect credentials prompt appropriate error messages without revealing sensitive information |
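
An added example (not from the original page) showing how rows 6, 7, 8, 11, 14 and 15 of the table can be written as automated assertions. `AuthModel` is a constructed stand-in for the application under test; the policy values (3 attempts, 15-minute lock, 30-minute session) and the logout-everywhere behaviour are assumptions to replace with the product's actual requirements.

```python
import hashlib, hmac, os, secrets

MAX_ATTEMPTS, LOCK_SECONDS, SESSION_SECONDS = 3, 900, 1800  # assumed policy values
GENERIC_ERROR = "Invalid username or password"

class AuthModel:
    """Constructed stand-in for the application under test."""
    def __init__(self):
        self.now, self.users, self.sessions = 0, {}, {}  # fake clock in seconds
    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def set_password(self, name, password):
        salt = os.urandom(16)
        self.users[name] = dict(salt=salt, hash=self._hash(salt, password), fails=0, locked_until=0)
        self.logout_everywhere(name)  # sessions opened with the old password end here
    def login(self, name, password):
        user = self.users.get(name)
        if user is None or self.now < user["locked_until"]:
            return None, GENERIC_ERROR  # same message for unknown and locked accounts
        if not hmac.compare_digest(user["hash"], self._hash(user["salt"], password)):
            user["fails"] += 1
            if user["fails"] >= MAX_ATTEMPTS:
                user["fails"], user["locked_until"] = 0, self.now + LOCK_SECONDS
            return None, GENERIC_ERROR
        user["fails"] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, self.now + SESSION_SECONDS)
        return token, None
    def is_authenticated(self, token):
        return self.now < self.sessions.get(token, (None, 0))[1]
    def logout_everywhere(self, name):
        self.sessions = {t: s for t, s in self.sessions.items() if s[0] != name}

def run_checks():  # returns {table row number: passed}
    app, r = AuthModel(), {}
    app.set_password("alice", "old-pass")
    r[15] = app.login("nobody", "x") == app.login("alice", "bad") == (None, GENERIC_ERROR)
    app.login("alice", "bad"); app.login("alice", "bad")  # reach the attempt limit
    r[6] = app.login("alice", "old-pass")[0] is None      # locked despite correct password
    app.now += LOCK_SECONDS                               # lock period has elapsed
    phone, laptop = app.login("alice", "old-pass")[0], app.login("alice", "old-pass")[0]
    r[7] = app.is_authenticated(phone) and app.is_authenticated(laptop)
    app.logout_everywhere("alice")
    r[14] = not (app.is_authenticated(phone) or app.is_authenticated(laptop))
    app.set_password("alice", "new-pass")
    r[11] = app.login("alice", "old-pass")[0] is None
    web = app.login("alice", "new-pass")[0]
    app.now += SESSION_SECONDS                            # session lifetime has elapsed
    r[8] = not app.is_authenticated(web)
    return r
```

Against a real application the same assertions would be driven through its HTTP endpoints, with the clock advance replaced by a shortened test-environment timeout.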