I believe this was a bug that has been fixed a long time ago, I suggest moving to a more recent version. If that doesn't fix your issue then please file a ticket.
A session is killed when someone logs out or when the browser hasn't sent a keepalive request in the required time (5 minutes if I remember correctly), so if a lot of people have open browsers with anonymous sessions going on, this could happen. However, once an anonymous session is transformed into a regular session by the user logging in, it should still only count for one session.
You could try turning on persistent sessions and having a look at which sessions are active?
The session should be destroyed as soon as the anonymous user logs out (which probably wont happen) or closes its browsers.
I don't know much about the details, but from the top of my head your license uses separate values for the number of named- and the number of anonymous users which are allowed to 'login' concurrently. So probably your license does not allow for (enough) anonymous concurrent users.