diff --git a/samples/users/src/integration-test/groovy/sample/UserTests.groovy b/samples/users/src/integration-test/groovy/sample/UserTests.groovy
index fb6e37f4..cdfdc579 100644
--- a/samples/users/src/integration-test/groovy/sample/UserTests.groovy
+++ b/samples/users/src/integration-test/groovy/sample/UserTests.groovy
@@ -21,6 +21,26 @@ class UserTests extends GebReportingSpec {
         !username
     }
 
+    def 'invalid login'() {
+        setup:
+        def user = 'rob'
+        when:
+        login(user, user+'invalid')
+        then:
+        !username
+        error == 'Invalid username / password. Please ensure the username is the same as the password.'
+    }
+
+    def 'empty username'() {
+        setup:
+        def user = ''
+        when:
+        login(user, user)
+        then:
+        !username
+        error == 'Invalid username / password. Please ensure the username is the same as the password.'
+    }
+
     def 'login single user'() {
         setup:
         def user = 'rob'
diff --git a/samples/users/src/integration-test/groovy/sample/pages/HomePage.groovy b/samples/users/src/integration-test/groovy/sample/pages/HomePage.groovy
index 3631a9ae..eaf94c08 100644
--- a/samples/users/src/integration-test/groovy/sample/pages/HomePage.groovy
+++ b/samples/users/src/integration-test/groovy/sample/pages/HomePage.groovy
@@ -12,6 +12,7 @@ class HomePage extends Page {
     static at = { assert driver.title == 'Demonstrates Multi User Log In'; true}
     static content = {
         navLink { $('#navLink') }
+        error { $('#error').text() }
         form { $('form') }
         username(required:false) { $('#un').text() }
         logout(required:false) { $('#logout') }
diff --git a/samples/users/src/main/java/sample/LoginServlet.java b/samples/users/src/main/java/sample/LoginServlet.java
index 60de82d4..c6e9cd7d 100644
--- a/samples/users/src/main/java/sample/LoginServlet.java
+++ b/samples/users/src/main/java/sample/LoginServlet.java
@@ -32,10 +32,13 @@ public class LoginServlet extends HttpServlet {
         String username = req.getParameter("username");
         String password = req.getParameter("password");
 
-        if(username != null && username.equals(password)) {
+        if(username != null && !"".equals(username) && username.equals(password)) {
             req.getSession().setAttribute("username", username);
             String url = resp.encodeRedirectURL(req.getContextPath() + "/");
             resp.sendRedirect(url);
+        } else {
+            String url = resp.encodeRedirectURL(req.getContextPath() + "/?error");
+            resp.sendRedirect(url);
         }
     }
 
diff --git a/samples/users/src/main/webapp/index.jsp b/samples/users/src/main/webapp/index.jsp
index 13fb82b4..81e543f9 100644
--- a/samples/users/src/main/webapp/index.jsp
+++ b/samples/users/src/main/webapp/index.jsp
@@ -62,6 +62,9 @@
                     <li><b>Username</b> rob and <b>Password</b> rob</li>
                     <li><b>Username</b> luke and <b>Password</b> luke</li>
                 </ul>
+                <c:if test="${param.error != null}">
+                    <div id="error" class="alert alert-warning">Invalid username / password. Please ensure the username is the same as the password.</div>
+                </c:if>
                 <c:url value="/login" var="loginUrl"/>
                 <form action="${loginUrl}" method="post">
                     <div class="form-group">