diff --git a/lib/keyserver-conn/call-keyserver-endpoint-provider.react.js b/lib/keyserver-conn/call-keyserver-endpoint-provider.react.js
--- a/lib/keyserver-conn/call-keyserver-endpoint-provider.react.js
+++ b/lib/keyserver-conn/call-keyserver-endpoint-provider.react.js
@@ -207,8 +207,16 @@
     // If this function is called, callSingleKeyserverEndpoint got a response
     // invalidating its cookie, and is wondering if it should just like...
     // give up? Or if there's a chance at redemption
-    const cookieInvalidationRecovery = (sessionChange: ClientSessionChange) => {
+    const cookieInvalidationRecovery = (
+      sessionChange: ClientSessionChange,
+      error: ?string,
+    ) => {
       if (!canResolveInvalidation) {
+        // When invalidation recovery is supported, we let that code call
+        // setNewSession. When it isn't supported, we call it directly here.
+        // Once usingCommServicesAccessToken is true, we should consider
+        // removing this call... see description of D10952 for details.
+        boundSetNewSession(sessionChange, error);
         // If there is no way to resolve the session invalidation,
         // just let the caller callSingleKeyserverEndpoint instance continue
         return Promise.resolve(null);
diff --git a/lib/utils/call-single-keyserver-endpoint.js b/lib/utils/call-single-keyserver-endpoint.js
--- a/lib/utils/call-single-keyserver-endpoint.js
+++ b/lib/utils/call-single-keyserver-endpoint.js
@@ -79,6 +79,7 @@
   waitIfCookieInvalidated: () => Promise<?CallSingleKeyserverEndpoint>,
   cookieInvalidationRecovery: (
     sessionChange: ClientSessionChange,
+    error: ?string,
   ) => Promise<?CallSingleKeyserverEndpoint>,
   urlPrefix: string,
   sessionID: ?string,
@@ -199,13 +200,21 @@
       ? rest
       : { cookieInvalidated: false, currentUserInfo, ...rest };
     if (clientSessionChange.cookieInvalidated) {
-      const maybeReplacement =
-        await cookieInvalidationRecovery(clientSessionChange);
+      const maybeReplacement = await cookieInvalidationRecovery(
+        clientSessionChange,
+        error,
+      );
       if (maybeReplacement) {
         return await maybeReplacement(endpoint, input, options);
       }
+    } else {
+      // We don't want to call setNewSession when cookieInvalidated. If the
+      // cookie is invalidated, the cookieInvalidationRecovery call above will
+      // either trigger a invalidation recovery attempt (if supported), or it
+      // will call setNewSession itself. If the invalidation recovery is
+      // attempted, it will result in a setNewSession call when it concludes.
+      setNewSession(clientSessionChange, error);
     }
-    setNewSession(clientSessionChange, error);
   }
 
   if (!error && shouldSendPlatformDetails) {