Spring Security It is not necessary to fetch all user sessions if unlimited sessions are set in the ConcurrentSessionControlAuthenticationStrategy.

Expected Behavior

In ConcurrentSessionControlAuthenticationStrategy.onAuthentication, If maximumSessions value settled to -1, which means there are no restrictions for user sessions count, then no need fetch all user sessions in that case. We should just skipping any following computations.

Current Behavior

ConcurrentSessionControlAuthenticationStrategy.onAuthentication start with getAllSessions whatever or not there is restriction on session count, and if is not, then just does nothing with retreived data.

Context

Save little peace of computing resources.