SoftwareTestPilot
Manual TestingPublished: 14 min read

How to Write Test Cases for a Login Page (2026 Template + 40 Examples)

Step-by-step guide to writing test cases for a login page — functional, UI, security, performance and negative scenarios. Includes a free template and 40 ready-to-use examples.

Avinash Kamble
Avinash Kamble
Founder & QA Engineer at SoftwareTestPilot
Reviewed by Priyanka G.
Share:XLinkedInWhatsApp
In this article
  1. 1. What Is a Login Test Case?
  2. 2. Login Test Case Template
  3. 3. Functional Test Cases (12)
  4. 4. UI / UX Test Cases (8)
  5. 5. Security Test Cases (10)
  6. 6. Performance & Compatibility (6)
  7. 7. Negative & Edge Cases (4)
  8. 8. Common Mistakes to Avoid
  9. 9. Next Steps
  10. Frequently asked questions

The login page is the single most-asked artefact in QA interviews and the first feature you'll touch on almost every project. If you can write clean, thorough test cases for a login page, you can write them for anything.

This guide gives you a battle-tested template, 40 example test cases covering functional, UI, security and performance scenarios, and the exact mindset hiring managers look for. Pair it with our manual testing interview questions and rehearse aloud in the AI Mock Interview.

1. What Is a Login Test Case?

A login test case is a documented set of steps that verifies one specific behaviour of the authentication flow — for example, "valid user with correct password is redirected to the dashboard". Good login test cases are atomic, repeatable, independent and tied to a clear expected result.

2. Login Test Case Template

Use this template for every test case you write:

FieldExample
Test Case IDTC_LOGIN_001
TitleLogin with valid credentials
ModuleAuthentication
PriorityHigh
PreconditionsUser is registered & verified
Test Dataemail=user@test.com / pwd=Valid@123
Steps1. Open /login 2. Enter email 3. Enter password 4. Click Sign in
Expected ResultUser is redirected to /dashboard and sees their name
Actual Result(fill during execution)
StatusPass / Fail

For complex flows, layer test design techniques like Equivalence Partitioning, Boundary Value Analysis and Decision Tables — covered in depth in our manual testing interview guide.

3. Functional Test Cases (12)

  1. Login with valid email and valid password → redirected to dashboard.
  2. Login with valid email and invalid password → "Invalid credentials" error, no redirect.
  3. Login with unregistered email → generic "Invalid credentials" error (no user enumeration).
  4. Login with empty email field → inline "Email is required" validation.
  5. Login with empty password field → inline "Password is required" validation.
  6. Login with both fields empty → both inline validations shown, Sign in disabled.
  7. Login with leading/trailing spaces in email → trimmed and accepted.
  8. Login with email in mixed case (USER@Test.com) → accepted (emails are case-insensitive).
  9. Login with password in wrong case → rejected (passwords are case-sensitive).
  10. "Remember me" checked → session persists after browser restart.
  11. "Remember me" unchecked → session cleared on browser close.
  12. "Forgot password" link → opens /reset-password route.

4. UI / UX Test Cases (8)

  1. Email field placeholder reads "you@company.com".
  2. Password field masks characters by default.
  3. Show/Hide password toggle reveals plain text on click.
  4. Sign in button is disabled until both fields contain text.
  5. Tab order is Email → Password → Remember me → Sign in.
  6. Pressing Enter in any field submits the form.
  7. Error messages are announced to screen readers (aria-live="polite").
  8. Layout renders correctly at 320px, 768px, 1024px and 1440px viewports.

5. Security Test Cases (10)

  1. Password is sent over HTTPS only (verify in DevTools → Network).
  2. Password is never echoed in URL, logs or cookies.
  3. Account locks for 15 minutes after 5 consecutive failed attempts.
  4. Brute-force attempts trigger CAPTCHA after 3 failures.
  5. SQL injection in email field (' OR 1=1 --) is rejected and logged.
  6. XSS payload in email field (<script>alert(1)</script>) is escaped on render.
  7. Session cookie is HttpOnly, Secure and SameSite=Lax.
  8. JWT (if used) expires within the documented TTL.
  9. Logout invalidates the session server-side (replaying the old cookie fails).
  10. Password reset link expires after a single use or 30 minutes.

Negative test design overlaps heavily with the API security work covered in our API testing interview questions.

6. Performance & Compatibility (6)

  1. Login response time < 2 seconds on a 4G connection.
  2. Login page LCP < 2.5 seconds on mobile.
  3. Login succeeds under 500 concurrent users (load test).
  4. Login page works on Chrome, Firefox, Safari and Edge (latest 2 versions).
  5. Login page works on iOS Safari and Android Chrome.
  6. Login page is keyboard- and screen-reader-accessible (WCAG 2.2 AA).

7. Negative & Edge Cases (4)

  1. Login with a deleted user account → "Account no longer exists".
  2. Login with a disabled / suspended account → "Account suspended, contact support".
  3. Login with an unverified email → prompt to resend verification email.
  4. Login during a server outage → friendly 503 page, no stack trace.

8. Common Mistakes to Avoid

  • Writing one giant test case that covers 10 scenarios — keep them atomic.
  • Hard-coding test data inside steps — externalise to a data sheet or fixtures file.
  • Skipping negative cases — that's where real bugs live.
  • Forgetting accessibility and mobile viewports.
  • Treating security as "someone else's job" — every QA owns it.

9. Next Steps

Convert these 40 cases into automated tests with our Playwright framework setup guide, then practice walking a hiring manager through your approach in the AI Mock Interview. If you're prepping for an interview round, also review the manual testing interview Q&A and the ATS-friendly QA resume checklist.

Bookmark the official OWASP Top 10 for the security cases above — interviewers love candidates who can name the threat model behind each test.

Frequently asked questions

How many test cases should a login page have?

A thorough suite typically has 30–50 cases covering functional, UI, security, performance, compatibility and negative scenarios. Less than 20 usually means security or edge cases are missing.

What is the most important test case for a login page?

Verifying that valid credentials authenticate the user and invalid credentials return a generic error without leaking which field was wrong — this single case covers the happy path and the most common security mistake.

How do I write negative test cases for login?

Start from each input field, the network layer and the auth state machine. For every "valid" path, ask what happens when the input is empty, too long, malformed, malicious (SQLi/XSS) or sent against a deleted/suspended account.

Should QA test password strength rules on the login page?

No. Password strength belongs on the signup or change-password page. Login should only verify the stored credential — testing strength rules there causes false failures.

Can I automate these login test cases?

Yes. Functional and UI cases automate cleanly in Playwright or Selenium. Security cases (SQLi, XSS, brute-force) are best handled by dedicated tools like OWASP ZAP, with QA reviewing the results.

Where can I download a free login test case template?

Use the table in section 2 of this guide as your template — copy it into Excel, Google Sheets or your test management tool (TestRail, Zephyr, Xray) and reuse the column structure for every feature.

Keep going

Practice these questions

Run a live QA mock interview tailored to this topic and get per-skill scoring in minutes.

Found this useful?
Share:XLinkedInWhatsApp

Was this article helpful?

Keep building your QA edge

Continue reading

Join the QA Community

Connect with fellow testers, share job leads, and get career advice.

Premium QA Resources

Stop Reinventing the Wheel. Upgrade Your QA Arsenal.

Take your testing skills from beginner to Lead Engineer. Supercharge your daily workflow with our premium digital resources.

  • ⚡ Ready-to-use testing strategy templates
  • 🔥 Advanced API & UI automation guides
  • ⏱️ Save 10+ hours a week on test planning
4.9/5 rating
Explore All Products

⭐⭐⭐⭐⭐ Trusted by 1,000+ Software Test Pilots • Instant Access