SoftwareTestPilot
Manual TestingPublished: 7 min read

How to Write Test Cases for a Login Page (with Examples)

Step-by-step guide to writing test cases for a login page with 30+ real examples. Covers UI, functional, validation, security, and accessibility test cases for QA engineers.

Avinash Kamble
Avinash Kamble
Founder & QA Engineer at SoftwareTestPilot
Reviewed by Priyanka G.
Share:XLinkedInWhatsApp
How to write test cases for a login page — flat editorial illustration of a login form with checkmarks, magnifying glass, and a security shield.
How to write test cases for a login page — flat editorial illustration of a login form with checkmarks, magnifying glass, and a security shield.
In this article
  1. Login Page Anatomy
  2. UI Test Cases
  3. Functional Test Cases
  4. Validation Test Cases
  5. Security Test Cases
  6. Accessibility Test Cases
  7. Performance Test Cases
  8. How to Write a Test Case (Template)
  9. How to Prioritize Test Cases for Execution
  10. Continue your learning
  11. Frequently asked questions

Last updated: June 27, 2026 · 7 min read

A login page is the #1 test case exercise in QA interviews. This guide gives you 30+ production-grade test cases covering UI, functional, validation, security, and accessibility. Pair it with our Manual Testing Complete Guide and the Software Testing Interview Questions master list.

Login Page Anatomy

Before writing test cases, identify the components:

  • Email / Username field
  • Password field
  • "Show password" toggle
  • "Remember me" checkbox
  • "Forgot password?" link
  • "Sign in" button
  • "Sign up" link
  • Error message area
  • Social login buttons (Google, Apple, etc.)
  • CAPTCHA (when applicable)

UI Test Cases

TC_UI_001 — Email field is visible and editable

  1. Navigate to /login
  2. Verify email field is visible
  3. Verify field accepts text input

TC_UI_002 — Password field masks input

  1. Navigate to /login
  2. Click password field
  3. Type TestPass123!
  4. Verify input is shown as bullets/asterisks, not plain text

TC_UI_003 — Sign in button is disabled until both fields are filled

  1. Navigate to /login
  2. Verify Sign in button is disabled
  3. Fill email; verify button is still disabled
  4. Fill password; verify button is now enabled

TC_UI_004 — Layout is responsive on mobile

  1. Set viewport to 375x667 (iPhone)
  2. Navigate to /login
  3. Verify all fields stack vertically and are visible without horizontal scroll

Functional Test Cases

TC_FN_001 — Successful login with valid credentials

  1. Navigate to /login
  2. Enter admin@example.com as email
  3. Enter Sup3rSecret! as password
  4. Click "Sign in"
  5. Verify redirect to /dashboard and welcome message displays user name

TC_FN_002 — Failed login with wrong password

  1. Enter valid email and wrong password
  2. Click "Sign in"
  3. Verify error message: Invalid email or password
  4. Verify user remains on /login

TC_FN_003 — Login is case-insensitive for email

  1. Enter ADMIN@EXAMPLE.COM with correct password
  2. Verify login succeeds (emails are case-insensitive)

TC_FN_004 — Remember me keeps user logged in

  1. Check "Remember me" and login successfully
  2. Close and re-open browser
  3. Navigate to /dashboard and verify user is still logged in

Validation Test Cases

TC_VAL_001 — Empty email field shows required error

Leave email empty, click Sign in, verify error: Email is required.

TC_VAL_002 — Invalid email format shows format error

Enter not-an-email, click Sign in, verify error: Please enter a valid email address.

TC_VAL_003 — Empty password field shows required error

Enter valid email, leave password empty, click Sign in, verify error: Password is required.

TC_VAL_004 — SQL injection in email field is rejected

Enter ' OR '1'='1 as email and any password. Verify error message (no SQL executed).

TC_VAL_005 — XSS in email field is sanitized

Enter <script>alert('xss')</script> as email. Verify error message (script not executed).

Security Test Cases

TC_SEC_001 — Rate limiting after 5 failed attempts

Enter wrong password 5 times; verify account is temporarily locked and rate-limit message displayed.

TC_SEC_002 — Password field has correct autocomplete

Inspect password field; verify autocomplete="current-password" is set (or off for high security).

TC_SEC_003 — HTTPS is enforced

Navigate to http://example.com/login; verify redirect to https://example.com/login.

TC_SEC_004 — Session token is set with HttpOnly and Secure flags

Login successfully, inspect cookies in DevTools, verify session cookie has HttpOnly and Secure flags.

TC_SEC_005 — Login response doesn't leak which field is wrong

Enter valid email + wrong password and verify error: Invalid email or password (NOT Wrong password). This prevents email enumeration attacks.

For more secure-by-design patterns, see our Security Testing for QA guide.

Accessibility Test Cases

TC_A11Y_001 — All form fields have associated labels

Inspect email field; verify <label for="email"> exists.

TC_A11Y_002 — Tab order is logical

Press Tab repeatedly; verify focus order: email → password → remember me → sign in.

TC_A11Y_003 — Screen reader announces field labels

Focus email field with screen reader enabled; verify it announces Email, edit text.

TC_A11Y_004 — Error messages have role="alert"

Trigger a validation error; inspect error element and verify role="alert" is set.

Performance Test Cases

TC_PERF_001 — Login page loads in under 2 seconds

  1. Clear cache
  2. Navigate to /login
  3. Measure load time
  4. Verify load completes in < 2000ms

For load and stress patterns on the auth endpoint, see k6 vs JMeter.

How to Write a Test Case (Template)

TC_ID: TC_FN_001
Title: Successful login with valid credentials
Preconditions: User account exists; user is logged out
Priority: High
Linked Requirement: REQ-AUTH-001
Steps:
  1. Navigate to /login
  2. Enter "admin@example.com" as email
  3. Enter "Sup3rSecret!" as password
  4. Click "Sign in"
Expected Result: User is redirected to /dashboard with welcome message

How to Prioritize Test Cases for Execution

Not all test cases are equal. Use this priority framework:

P0 — Critical (must pass before every release)

  • TC_FN_001 (successful login)
  • TC_SEC_003 (HTTPS enforced)
  • TC_SEC_004 (HttpOnly cookies)

P1 — High (run on every build)

  • TC_FN_002 (failed login)
  • TC_VAL_001 / TC_VAL_003 (required fields)
  • TC_SEC_001 (rate limiting)

P2 — Medium (run on every PR)

  • TC_UI_001–004 (UI rendering)
  • TC_FN_003 / TC_FN_004 (case-insensitive email, remember me)
  • TC_VAL_002 / TC_VAL_004–005 (validation edge cases)

P3 — Low (run weekly or pre-release)

  • TC_A11Y_001–004 (accessibility)
  • TC_PERF_001 (performance)

This prioritization helps you build a fast smoke suite (P0+P1) that runs in < 5 minutes, plus a deeper regression that runs nightly. For more, see our Manual Testing Complete Guide and the ISTQB Foundation Study Guide.

Frequently asked questions

How many test cases should a login page have?

For a typical login page: 30–60 test cases covering UI, functional, validation, security, and accessibility.

What is the most important test case for login?

Successful login (TC_FN_001) — if this fails, nothing else matters. Rate limiting (TC_SEC_001) prevents brute force, and HTTPS enforcement (TC_SEC_003) prevents credential interception.

How do you test the Forgot password link?

Verify it navigates to /forgot-password, accepts an email, sends a reset email (mocked), and the reset link in the email works to set a new password.

What tools should I use to test login pages?

Manual testing across multiple browsers, OWASP ZAP for security scanning, Lighthouse for accessibility, and JMeter or k6 for performance.

Should login test cases be automated?

Yes — P0 and P1 cases (successful login, failed login, validation, rate limiting) should be automated as part of the smoke suite. P3 cases like accessibility can remain manual or use axe-core in CI.

Keep going

Practice these questions

Run a live QA mock interview tailored to this topic and get per-skill scoring in minutes.

Found this useful?
Share:XLinkedInWhatsApp

Was this article helpful?

Keep building your QA edge

Continue reading

Join the QA Community

Connect with fellow testers, share job leads, and get career advice.

Premium QA Resources

Stop Reinventing the Wheel. Upgrade Your QA Arsenal.

Take your testing skills from beginner to Lead Engineer. Supercharge your daily workflow with our premium digital resources.

  • ⚡ Ready-to-use testing strategy templates
  • 🔥 Advanced API & UI automation guides
  • ⏱️ Save 10+ hours a week on test planning
4.9/5 rating
Explore All Products

⭐⭐⭐⭐⭐ Trusted by 1,000+ Software Test Pilots • Instant Access