We have released an update for Security Hot-fix released in June. We have fixed "Session is invalid" issue with it. This error comes randomly when j2ee sessions are enabled. If you have already applied the security Hot-fix of June, you can install individual fix for this issue. If you have not yet applied the Security Hot-fix, you can take the complete package.
Complete instructions can be found at - http://kb2.adobe.com/cps/907/cpsid_90784.html
For CF9.0.1, Cumulative Hot-fix 2 is also released. This CHF2 contains CHF1, previous security hot-fixes and new bug fixes as well. Complete instructions can be found at - http://kb2.adobe.com/cps/918/cpsid_91836.html