Add guard around logger.debug statement

The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled

Author: candrews

web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java

@@ -52,7 +52,9 @@ public SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl) {
 
 	@Override
 	public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException {
-		this.logger.debug("Starting new session (if required) and redirecting to '" + this.destinationUrl + "'");
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Starting new session (if required) and redirecting to '" + this.destinationUrl + "'");
+		}
 		if (this.createNewSession) {
 			request.getSession();
 		}