Add guard around logger.debug statement

The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648

Author: candrews

web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java

@@ -46,8 +46,10 @@ public SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl) {
 
 	public void onInvalidSessionDetected(HttpServletRequest request,
 			HttpServletResponse response) throws IOException {
-		logger.debug("Starting new session (if required) and redirecting to '"
-				+ destinationUrl + "'");
+		if (logger.isDebugEnabled()) {
+			logger.debug("Starting new session (if required) and redirecting to '"
+					+ destinationUrl + "'");
+		}
 		if (createNewSession) {
 			request.getSession();
 		}