Short and to the point...
KB 3114945 (April 12, 2016, update for SharePoint Foundation 2013) lists the following issue as being fixed:
Assume that you sign in a host name site collection and then other site collections in the same web application. If the host name site collection is deleted and the cached user token is still valid, you receive an error message on later attempts to access remaining site collections.
What the article does not include is the method for enabling this fix!!!
To do so, execute the following:
# This setting affects the whole farm. $sts = Get-SPSecurityTokenServiceConfig $sts.WindowsModeIgnoreCache = $true $sts.Update()
Thanks to Joe Rogers for the info.