Wednesday, January 20, 2010

Test Login form

1. Try submitting blank input for both user name and password.
2. Try submitting a valid email ID with an invalid password.
3. Try submitting an invalid email ID with a valid password.
4. The mouse cursor must be focused in the user name field.
5. Log in using valid data and click the browser's "Back" button.
It should show a "page expired" message.
6. Log in using valid data and then copy and paste the URL into another browser.
It should redirect to the login page URL.
7. Enter the email ID in capitals with the respective password. It must work.
8. Check uniqueness of the email ID. "ajishaek@gmail.com ; aJISHaek@gmail.com; AJISHAEK@GMAIL.COM" must all be treated as the same.
9. Password must be case sensitive.
10. The form must work without depending on the mouse. It must support the Tab and Enter keys.
11. Check the maximum and minimum length of the user name and password fields. Check the respective data type constraint in the DB, sign up with more than the maximum limit, and try the same ID for login.
12. Sign up using special characters and use the same characters while logging in.
13. Try SQL injection: submit the form with "anything' OR 'x'='x" entered in both the user name field and the password field. The login must not be accepted.
14. Watch the HTTP response (Firebug). The user ID and password must be transmitted using the POST method only. The password must not be visible in plain text. It must be encrypted.
15. Log in and then clear the cache. The login must still be retained.
16. Log in and clear the session. The login must not be retained.
17. Log in and clear the cookie. The login must not be retained.
18. Select the "Remember Me" option while logging in. Close and re-open the browser. It must not log out the user. It must retain the user login.
19. Only one user must be logged in at any time. If any user is already logged in, then the system should not allow any other user to log in.
20. Use the same password for different email IDs. Both must be treated as unique.
21. If the user ID is passed in the URL after login, manipulate the ID. It must not allow access to other users' details.

Note: Will update the above list eventually as I explore.
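
Items 7, 8, 9, 13 and 20 can be run automatically against the sign-up and login functions. The following is an added example, not code from the original post: `SafeLogin`, `ConcatLogin` and `run_checks` are hypothetical names, the accounts and passwords are constructed, and an in-memory SQLite table stands in for the real user database.

```python
import hashlib, hmac, os, sqlite3
PAYLOAD = "anything' OR 'x'='x"  # the string quoted in item 13

class SafeLogin:
    """Reference backend: normalised email, salted hash, bound parameters."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE u (email TEXT PRIMARY KEY, salt BLOB, h BLOB)")
    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
    def sign_up(self, email, pw):
        salt = os.urandom(16)
        try:  # lower-casing plus PRIMARY KEY enforces item 8
            self.db.execute("INSERT INTO u VALUES (?, ?, ?)",
                            (email.strip().lower(), salt, self._hash(pw, salt)))
            return True
        except sqlite3.IntegrityError:
            return False
    def login(self, email, pw):
        row = self.db.execute("SELECT salt, h FROM u WHERE email = ?",
                              (email.strip().lower(),)).fetchone()
        return row is not None and hmac.compare_digest(self._hash(pw, row[0]), row[1])

class ConcatLogin:
    """Deliberately broken: plaintext column, input pasted into the SQL text."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE u (email TEXT, pw TEXT)")
    def sign_up(self, email, pw):
        self.db.execute("INSERT INTO u VALUES (?, ?)", (email, pw))
        return True
    def login(self, email, pw):
        sql = "SELECT 1 FROM u WHERE email = '%s' AND pw = '%s'" % (email, pw)
        return self.db.execute(sql).fetchone() is not None

def run_checks(backend):
    """Return {checklist item number: passed} for items 7, 8, 9, 13 and 20."""
    backend.sign_up("user@example.com", "S3cret!pw")  # constructed account
    return {
        7: backend.login("USER@EXAMPLE.COM", "S3cret!pw"),
        8: not backend.sign_up("uSeR@example.com", "other-pw"),
        9: not backend.login("user@example.com", "s3cret!PW"),
        13: not backend.login(PAYLOAD, PAYLOAD),
        20: backend.sign_up("second@example.com", "S3cret!pw")
            and backend.login("second@example.com", "S3cret!pw"),
    }

if __name__ == "__main__":
    print(run_checks(SafeLogin()), run_checks(ConcatLogin()))
```

The concatenating backend fails items 7, 8 and 13, while the backend that lower-cases the address and binds parameters passes all five.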

2 comments:

Thamizh said...

Great points. It almost covers all the points from the testing side.

I think I can suggest one point:
For login, the username and password fields must have the AUTOCOMPLETE=OFF attribute on the HTML code side, at least for the password field.

Thanks & keep up your great posts.

Ajisha said...

Thanks Thamizh..

Agree, valid point.