How do you test the login feature of a web application?
There are no specific guidelines about how to checking the login feature of a web application. The testing can be done solely on how the tester wants to. However, here are certain things that should be checked for.
Start with the basis. Check the input fields with positive and negative values, invalid email, valid email but incorrect password, SQL injection, etc.
Check login and logout, by logging in and then logging out, then checking if you are truly logged off or not.
Also, sign in with a valid login, close the browser and reopen it to see whether you are still logged it or not.
Sign in and then go back to the same page to see whether you see the login screen again.
Also sign in from one browser, then open another browser to see if you need to sign in again.
Check password management, by logging in, changing the password, and trying to login again with the old password.
Check the session management, such as how does the application keep track of logged in users, whether it does so via cookies or web sessions.