In order to keep the authenticated state and track the users progress within the web application, applications provide users with a session identifier (session ID or token) that is assigned at session creation time, and is shared and exchanged by the user and the web application for the duration of the session (it is sent on every HTTP request). With the goal of implementing secure session IDs, the generation of identifiers (IDs or tokens) must meet the following properties: The name used by the session ID should not be extremely descriptive nor offer unnecessary details about the purpose and meaning of the ID. Therefore, the session ID name can disclose the technologies and programming languages used by the web application.
The session ID names used by the most common web application development frameworks can be easily fingerprinted , such as PHPSESSID (PHP), JSESSIONID (J2EE), CFID & CFTOKEN (Cold Fusion), ASP. It is recommended to change the default session ID name of the web development framework to a generic name, such as “id”.
The session invalidating was never a problem until later this year. Is it a server that has one main hub world where you go to sub-worlds?
I recently (a couple months ago) migrated my account to the Mojang account system. Yes, I usually play on the large servers such as Mineplex or the Hive, which all use different servers to host their games, but I only get an invalid session ID error when actually disconnecting and reconnecting to the server.
It's happened a couple times in the last few months, but nothing else suspicious is going on.
I play Premium minecraft and have had my account for years.
The session ID must be long enough to prevent brute force attacks, where an attacker can go through the whole range of ID values and verify the existence of valid sessions.
The session ID length must be at least 128 bits (16 bytes).
I've had the same issue happen to me as I said. It doesn't only happen on large server's though, I sometimes also get the error when joining my private server after playing for a couple hours straight.
Invalid Session happens when another instance of Minecraft is launched with the same login, it detects that there are two Minecraft instances running on the same username, and wants you to revalidate it to make sure its YOU.