Add SPA Form Based Authentication instructions

docs/src/main/asciidoc/security-authentication-mechanisms.adoc

@@ -93,6 +93,53 @@ quarkus.http.auth.form.login-page=
 quarkus.http.auth.form.error-page=
 ----
 
+Now that you have disabled redirects for the SPA, you must login and logout programmatically from your client.
+Below are example JavaScript methods for logging into the `j_security_check` endpoint and logging out of the application by destroying the cookie.
+
+[source,javascript]
+----
+const login = () => {
+    // Create an object to represent the form data
+    const formData = new URLSearchParams();
+    formData.append("j_username", username);
+    formData.append("j_password", password);
+
+    // Make an HTTP POST request using fetch against j_security_check endpoint
+    fetch("j_security_check", {
+        method: "POST",
+        body: formData,
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+        },
+    })
+    .then((response) => {
+        if (response.status === 200) {
+            // Authentication was successful
+            console.log("Authentication successful");
+        } else {
+            // Authentication failed
+            console.error("Invalid credentials");
+        }
+    })
+    .catch((error) => {
+        console.error(error);
+    });
+};
+----
+
+To logout of the SPA you must destroy the cookie and redirect back to your main page.
+
+[source,javascript]
+----
+const logout= () => {
+    // delete the credential cookie essentially killing the session
+    const removeCookie = `quarkus-credential=; Max-Age=0;path=/`;
+    document.cookie = removeCookie;
+    // redirect to main page
+    window.location.href = "/";
+};
+----
+
 The following properties can be used to configure form-based authentication:
 
 include::{generated-dir}/config/quarkus-vertx-http-config-group-form-auth-config.adoc[opts=optional, leveloffset=+1]