How would you test a multi-step form / wizard?

Clarify first

• Is progress saved between steps so users can resume a partially completed wizard?
• Can users navigate back to previous steps, and does data remain when they do?
• Is each step validated on advance, or only on final submit?
• What happens if the browser is refreshed or the tab is closed mid-wizard?

Functional

• Each step validates before the user can advance (required fields, format checks)
• Progress indicator accurately reflects the current step and total step count
• Back navigation returns the user to the previous step with all previously entered data intact
• Final submission sends the aggregated data from all steps correctly
• Confirmation or summary page shows the correct values from all steps

Negative / error handling

• Submitting a step with missing or invalid data → error shown on the current step; user cannot advance
• Directly accessing a later step via URL without completing earlier steps → redirected to the correct entry point (step 1 or last incomplete step)
• Network error on the final submission step → user given a retry option; no partial data silently saved
• Session expiry mid-wizard → user redirected to login; progress either preserved or clearly lost (not silently discarded without warning)

Edge & boundary

• Refreshing the browser mid-wizard — is progress saved or lost?
• Opening the same wizard in two browser tabs simultaneously — which state wins?
• Cross-step validation: a value entered on step 1 constrains options on step 3 (e.g., chosen country determines available shipping methods)
• Long-running wizard: returning to a saved draft after 24 hours — is the draft still valid and any pre-populated data still current?

Security

• A user cannot access step 3 data via direct API call without completing steps 1 and 2 (unauthorized step-skip)
• CSRF token remains valid across all steps in the multi-step session
• Sensitive data entered in earlier steps is not cached in browser history (use POST, not GET, for step transitions)

Close: automate step-by-step validation, back-navigation data retention, and the unauthorized step-skip check. Keep manual for browser refresh/tab-close UX and multi-tab conflict behavior.