I have no SPA502G here, but the SPA504G. Is it the same as far as I know.
It use native HTTP authorization. The login dialog is embedded within browser. You need to use browser's logout function to terminate the session. Or close the browser at all - it will flush all those sessions.
There is no WWW login form, thus there's no WWW logout form as well inside of device's UI.