QA Session

Origin & evolution

Cem Kaner coined the term exploratory testing in his 1988 book Testing Computer Software, naming the unscripted, learning🧠LearningValidationAn insight gained from an experimentView reference →-driven practice that experienced testers had always done (history summarised on Wikipedia). Through the 1990s the context-driven school adopted the term to distinguish disciplined exploration from sloppy ad hoc testing, with which it was often confused.

The accountability problem remained: exploration resisted the metrics🔢MetricStrategyA unified metric that measures progress, health, or behaviour across the productView reference → and repeatability that scripted testing offered, so managers struggled to trust it. James and Jonathan Bach answered that in the early 2000s with Session-Based Test Management. The move was to organise exploration into sessions: an uninterrupted block, typically 60 to 120 minutes, governed by a charter, a one-to-three-sentence mission🧭MissionStrategyThe purpose and reason the product existsView reference → stating what to test and what to look for without prescribing the steps.

That structure made exploration manageable without scripting it. The charter sets direction while leaving the tester free to follow what they find; the timebox makes effort measurable; the session sheet records what was covered, what bugs surfaced, and how time split between testing, setup, and investigation🔍InvestigationEngineeringAn investigation into an issue or incidentView reference →. As the Bachs framed it, "structure" means a shared expectation of what work gets done and how it is reported, never a pre-written sequence of clicks.

How it works in practice

A team is about to ship a redesigned file-upload flow that the automated suite already passes cleanly. A tester opens a 90-minute session with the charter: explore the upload flow with malformed and oversized files; look for silent failures and stuck states.

She uploads a zero-byte file, a 4 GB file, a file renamed from .exe to .png, and a file whose connection she kills mid-transfer. The suite never imagined these inputs. Forty minutes in she finds the killer: an interrupted upload leaves the UI spinner running forever with no error and no retry, and the orphaned partial file is never cleaned up server-side. She logs two bugs against the upload feature⭐FeatureProduct SpecificationA product capability or featureView reference → and notes the charter as partially covered, flagging concurrent uploads for a follow-up session. The automated suite kept its green; the session found the two defects that green was hiding.

QA session vs. its neighbours

• Test suite📂Test SuiteQuality AssuranceA suite of related testsView reference → is repeatable and automated; a QA session is human and exploratory. The suite re-runs the same assertions to catch known regressions; the session investigates the unknown and designs tests as it goes. They are complements: the suite covers what you already thought of, the session finds what you did not, which is why test_suite_tested_via_qa_sessionTest Suitetested viaQA Sessionhierarchy links them.
• Bug is the output a session is hunting. A session is the timeboxed investigation; the bugs it surfaces are its findings, connected through qa_session_discovers_bugQA SessiondiscoversBughierarchy. A session with no charter produces wandering; a charter is what turns activity into reportable coverage.
• Feature is the territory a session charters against. Through qa_session_targets_featureQA SessiontargetsFeaturecross-domain, a session aims at a specific area rather than the whole product, which is what keeps a timeboxed exploration focused enough to be thorough.

In the graph

In the Unified Product Graph, qa_session🐞QA SessionQuality AssuranceAn exploratory QA session sits in the quality and testing region as the human, exploratory counterpart to the automated suite. A product undergoes it through product_undergoes_qa_sessionProductundergoesQA Sessionhierarchy, it targets scope through qa_session_targets_featureQA SessiontargetsFeaturecross-domain, surfaces defects through qa_session_discovers_bugQA SessiondiscoversBughierarchy, and relates to the regression suite through test_suite_tested_via_qa_sessionTest Suitetested viaQA Sessionhierarchy. Modelling the session as a first-class node, with its charter and findings attached, captures the testing that lives nowhere in a CI log: the exploratory coverage that a green suite, by definition, cannot account for.