Been there done that. The only thing you didn't mention was that if you do give a wrong password, it calls the logout function. So all tests do work. You can't login with wrong password.
Nope. Just refreshes back to the same page. Sorry, forgot to mention that the logout button doesn't actually DO anything except redirect to the Login page. Auth cookies are still intact.
This guy is special.