From 84141c4c767216715393632ca73cba7808f6e8c2 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@gmail.com>
Date: Sun, 11 Mar 2012 18:29:56 -0500
Subject: [PATCH] SEC-1927: Corrected debug log in SessionManagementFilter to
 have a space between ID and the session and added guard to log statement

---
 .../security/web/session/SessionManagementFilter.java         | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
index 8d2e6d0b72..e854049b08 100644
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@@ -88,7 +88,9 @@ public class SessionManagementFilter extends GenericFilterBean {
             } else {
              // No security context or authentication present. Check for a session timeout
                 if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
-                    logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
+                    if(logger.isDebugEnabled()) {
+                        logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");
+                    }
 
                     if (invalidSessionStrategy != null) {
                         invalidSessionStrategy.onInvalidSessionDetected(request, response);