Screen states and what they indicate
Below is an expanded deskboard of common sign-in screen states, likely causes, safe checks, and when to stop.
1. Loop back to the same step
What you see: After submitting, you land again on the same step (e.g. username or challenge).
Likely cause: Session invalid or cookie/redirect loop; backend not accepting the step.
Safe checks: Check session timeout; try a private window once; ensure cookies/storage are not fully blocked.
Stop point: If it repeats after one retry, stop and capture evidence. See Sessions, cookies, and redirect loops.
2. Blank page after redirect
What you see: Redirect completes but the page is blank or white.
Likely cause: Storage blocked, script failure, or broken redirect chain.
Safe checks: Check third-party cookies and site storage; retry once after allowing for this site.
Stop point: If it repeats, stop and capture evidence. See Sessions, cookies, and redirect loops and Blocks, rate limits, and repeating challenges.
3. Spinner never ends
What you see: Loading spinner or progress indicator that never finishes.
Likely cause: Network hang, request timeout, or stuck backend call.
Safe checks: Check network (VPN/proxy, Wi‑Fi); one retry after a short wait.
Stop point: If still spinning after one retry, stop and note the state.
4. Verification code never arrives
What you see: Prompt for code but SMS/email/app code does not appear.
Likely cause: Delivery delay, wrong number/email, carrier or filter blocking.
Safe checks: Verify time sync; wait the suggested window; one resend only.
Stop point: Do not spam resend; stop and escalate. See Verification and SSO handoffs.
5. Security challenge repeats / access blocked
What you see: Same challenge again or message like “access blocked” or “too many attempts.”
Likely cause: Rate limit, device/session flag, or policy block.
Safe checks: One safe retry (e.g. after a short wait); then stop.
Stop point: Escalate with evidence. See Blocks, rate limits, and repeating challenges.
6. Session timeout / try again later
What you see: Message that session expired or to try again later.
Likely cause: Expired session or server-side limit.
Safe checks: Wait a few minutes; one retry with a fresh start.
Stop point: If it repeats, stop and capture evidence.
Decision path
- If blank after redirect → check storage/cookies → retry once → if repeats, stop and capture evidence.
- If loop-back prompt → check session timeout → try private window once → if repeats, stop.
- If spinner never ends → check network → retry once → if still spinning, stop.
- If code never arrives → check time sync, wait, one resend → do not spam; stop and escalate.
- If access blocked / too many attempts → do not retry repeatedly; stop and escalate with evidence.
For session and cookie details, see Sessions, cookies, and redirect loops. For blocks and rate limits, see Blocks, rate limits, and repeating challenges.