SideGate

SideGate is a Minecraft server plugin that enables a hybrid login system, allowing Premium players to join normally while selectively permitting Offline (Cracked) players via a whitelist, maintaining online-mode security and configurability.

File Details

SideGate 1.2.1 (1.20.x/1.21.x/26.1.x)

  • R
  • Jun 10, 2026
  • 64.65 KB
  • 22
  • 26.1.2+24

File Name

SideGate-1.2.1.jar

Supported Versions

  • 26.1.2
  • 26.1.1
  • 26.1
  • 1.21.5-Snapshot
  • 1.21.11
  • 1.21.10
  • 1.21.9
  • 1.21.8
  • 1.21.7
  • 1.21.6
  • 1.21.5
  • 1.21.4
  • 1.21.3
  • 1.21.2
  • 1.21.1
  • 1.21
  • 1.20.3-Snapshot
  • 1.20.5-Snapshot
  • 1.20.6
  • 1.20.5
  • 1.20.4
  • 1.20.3
  • 1.20.2
  • 1.20.1
  • 1.20

SideGate 1.2.1

Release date: 2026-06-10

Added

  • Optional Floodgate and Geyser-Spigot integration. Detected Bedrock players stay on the Floodgate/Geyser authentication path and are not classified or tagged as SideGate guests.
  • Soft dependencies for floodgate and Geyser-Spigot; neither plugin is required when Bedrock support is not used.
  • Added configurable premium-session-failure.action with KICK_WITH_MESSAGE and FALLBACK_TO_GUEST modes.
  • Added a configurable Premium-name conflict message. SideGate compares the login UUID with the official Mojang profile before encryption so cracked launchers that abort on HTTP 401 receive the configured message.
  • Added Guest fallback for Premium-name UUID mismatches before encryption, plus same-connection fallback when an invalid encrypted session response is available.

Changed

  • Mojang profile lookups now run through ProtocolLib's asynchronous listener path to avoid blocking the packet thread.
  • Premium lookup cache entries now expire after 10 minutes and use bounded eviction instead of clearing the entire cache.
  • Premium lookup cache entries now retain the official Mojang UUID for early Premium-name conflict detection.
  • Mojang API errors, invalid responses, and invalid Java usernames now fail closed by leaving authentication to the server instead of granting guest access.
  • Guest connection selection now requires an exact address match or matching login profile name; unsafe cross-connection and port-only fallbacks were removed.
  • Removed duplicate [SideGate] text from plugin logger messages because Bukkit already adds the plugin name.
  • Compatibility and issue-report startup notices now use INFO; the ProtocolLib dev-build warning is skipped when a development build is already installed.

Fixed

  • Fixed Floodgate/Geyser Bedrock players being treated as non-premium guests.
  • Fixed a possible guest injection mix-up when multiple login connections were pending.
  • Fixed a ProtocolLib TemporaryPlayer warning and stack trace caused by reading an unavailable UUID during early login.