How do you test the login feature of a web application?

This is a very common software testing interview question, and the aim is to see how broadly you can think about the feature. Most interviewees start with the obvious answers: checking input fields with positive and negative values, an invalid email, a valid email with an incorrect password, SQL injection, and so on. But most of these tests can and should be done by the developers as part of integration testing.

Here the focus is on testing at the system level: tests that cannot be done without a fully integrated system.
Answer: Possible answers to this testing interview question can be:
  • Sign in with a valid login, close the browser, reopen it, and see whether you are still logged in.
  • Session management is important: how do we keep track of logged-in users, is it via cookies or web sessions?
  • Sign in, then log out, and then go back to the login page to see if you are truly logged out.
  • Log in, then go back to the same page. Do you see the login screen again?
  • Sign in from one browser, then open another browser to see if you need to sign in again.
  • Log in, change the password, and then log out. Then see if you can log in again with the old password.
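
The logout, second-browser and old-password checks from the list above, written as an added example that is not part of the original page: `app` is a constructed WSGI stand-in for the application under test, and the paths `/login`, `/logout`, `/password` and `/me`, the `sid` cookie and the `alice` account are assumptions. It also replays a session cookie captured before logout, which shows whether the server invalidated the session or the browser merely stopped sending the cookie.

```python
import io, secrets
from urllib.parse import parse_qsl, urlencode
from wsgiref.util import setup_testing_defaults

USERS = {"alice": "old-pass"}  # constructed sample account
SESSIONS = {}                  # server-side store: session id -> user

def app(environ, start_response):
    """Constructed WSGI stand-in for the application under test."""
    form = dict(parse_qsl(environ["wsgi.input"].read().decode()))
    sid = environ.get("HTTP_COOKIE", "").partition("sid=")[2]
    path, status, headers = environ["PATH_INFO"], "401 Unauthorized", []
    if path == "/login":
        if form.get("user") in USERS and USERS[form["user"]] == form.get("pw"):
            sid = secrets.token_urlsafe(16)
            SESSIONS[sid] = form["user"]
            status, headers = "200 OK", [("Set-Cookie", f"sid={sid}; HttpOnly")]
    elif sid in SESSIONS:
        status = "200 OK"
        if path in ("/logout", "/password"):
            user = SESSIONS.pop(sid)  # invalidate on the server, not only in the browser
            USERS[user] = form.get("new", USERS[user])
    start_response(status, headers)
    return [b""]

class Browser:  # one browser profile with its own cookie jar
    cookie = ""
    def request(self, path, cookie=None, **form):
        env = {"PATH_INFO": path, "wsgi.input": io.BytesIO(urlencode(form).encode()),
               "HTTP_COOKIE": self.cookie if cookie is None else cookie}
        setup_testing_defaults(env)
        seen = {}
        app(env, lambda status, headers: seen.update(status=status, headers=headers))
        self.cookie = dict(seen["headers"]).get("Set-Cookie", self.cookie).split(";")[0]
        return int(seen["status"][:3])

def run_checks():
    USERS["alice"] = "old-pass"  # reset so the checks can be re-run
    a, b, r = Browser(), Browser(), {}
    a.request("/login", user="alice", pw="old-pass")
    captured = a.cookie  # the session cookie as it existed before logout
    r["logged_in"] = a.request("/me")
    r["second_browser"] = b.request("/me")
    a.request("/logout")
    r["replay_after_logout"] = b.request("/me", cookie=captured)
    a.request("/login", user="alice", pw="old-pass")
    a.request("/password", new="new-pass")
    r["old_password"] = Browser().request("/login", user="alice", pw="old-pass")
    r["new_password"] = Browser().request("/login", user="alice", pw="new-pass")
    return r
```

Against a real deployment the same assertions apply with an HTTP client in place of `Browser`; a 200 for `replay_after_logout` or `old_password` is the failure to report.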

