diff --git a/keyserver/src/creators/account-creator.js b/keyserver/src/creators/account-creator.js
index a5fb30d25..f97eaeedb 100644
--- a/keyserver/src/creators/account-creator.js
+++ b/keyserver/src/creators/account-creator.js
@@ -1,319 +1,319 @@
 // @flow
 
 import { getRustAPI } from 'rust-node-addon';
 import bcrypt from 'twin-bcrypt';
 
 import ashoat from 'lib/facts/ashoat.js';
 import bots from 'lib/facts/bots.js';
 import genesis from 'lib/facts/genesis.js';
 import { policyTypes } from 'lib/facts/policies.js';
 import { validUsernameRegex } from 'lib/shared/account-utils.js';
 import type {
   RegisterResponse,
   RegisterRequest,
 } from 'lib/types/account-types.js';
 import type {
   ReservedUsernameMessage,
   SignedIdentityKeysBlob,
 } from 'lib/types/crypto-types.js';
 import type {
   PlatformDetails,
   DeviceTokenUpdateRequest,
 } from 'lib/types/device-types.js';
 import type { CalendarQuery } from 'lib/types/entry-types.js';
 import { messageTypes } from 'lib/types/message-types-enum.js';
 import type { SIWESocialProof } from 'lib/types/siwe-types.js';
 import { threadTypes } from 'lib/types/thread-types-enum.js';
 import { ServerError } from 'lib/utils/errors.js';
 import { values } from 'lib/utils/objects.js';
 import { ignorePromiseRejections } from 'lib/utils/promises.js';
 import { reservedUsernamesSet } from 'lib/utils/reserved-users.js';
 import { isValidEthereumAddress } from 'lib/utils/siwe-utils.js';
 
 import createIDs from './id-creator.js';
 import createMessages from './message-creator.js';
-import { createOlmSession } from './olm-session-creator.js';
+import { createAndPersistOlmSession } from './olm-session-creator.js';
 import {
   createThread,
   createPrivateThread,
   privateThreadDescription,
 } from './thread-creator.js';
 import { dbQuery, SQL } from '../database/database.js';
 import { deleteCookie } from '../deleters/cookie-deleters.js';
 import { fetchThreadInfos } from '../fetchers/thread-fetchers.js';
 import {
   fetchLoggedInUserInfo,
   fetchKnownUserInfos,
 } from '../fetchers/user-fetchers.js';
 import { verifyCalendarQueryThreadIDs } from '../responders/entry-responders.js';
 import { searchForUser } from '../search/users.js';
 import { createNewUserCookie, setNewSession } from '../session/cookies.js';
 import { createScriptViewer } from '../session/scripts.js';
 import type { Viewer } from '../session/viewer.js';
 import { fetchOlmAccount } from '../updaters/olm-account-updater.js';
 import { updateThread } from '../updaters/thread-updaters.js';
 import { viewerAcknowledgmentUpdater } from '../updaters/viewer-acknowledgment-updater.js';
 
 const { commbot } = bots;
 
 const ashoatMessages = [
   'welcome to Comm!',
   'as you inevitably discover bugs, have feature requests, or design ' +
     'suggestions, feel free to message them to me in the app.',
 ];
 
 const privateMessages = [privateThreadDescription];
 
 async function createAccount(
   viewer: Viewer,
   request: RegisterRequest,
 ): Promise<RegisterResponse> {
   if (request.password.trim() === '') {
     throw new ServerError('empty_password');
   }
   if (request.username.search(validUsernameRegex) === -1) {
     throw new ServerError('invalid_username');
   }
 
   const promises = [searchForUser(request.username)];
   const {
     calendarQuery,
     signedIdentityKeysBlob,
     initialNotificationsEncryptedMessage,
   } = request;
   if (calendarQuery) {
     promises.push(verifyCalendarQueryThreadIDs(calendarQuery));
   }
 
   const [existingUser] = await Promise.all(promises);
   if (
     reservedUsernamesSet.has(request.username.toLowerCase()) ||
     isValidEthereumAddress(request.username.toLowerCase())
   ) {
     throw new ServerError('username_reserved');
   }
   if (existingUser) {
     throw new ServerError('username_taken');
   }
 
   const hash = bcrypt.hashSync(request.password);
   const time = Date.now();
   const deviceToken = request.deviceTokenUpdateRequest
     ? request.deviceTokenUpdateRequest.deviceToken
     : viewer.deviceToken;
   const [id] = await createIDs('users', 1);
   const newUserRow = [id, request.username, hash, time];
   const newUserQuery = SQL`
     INSERT INTO users(id, username, hash, creation_time)
     VALUES ${[newUserRow]}
   `;
 
   const [userViewerData] = await Promise.all([
     createNewUserCookie(id, {
       platformDetails: request.platformDetails,
       deviceToken,
       signedIdentityKeysBlob,
     }),
     deleteCookie(viewer.cookieID),
     dbQuery(newUserQuery),
   ]);
   viewer.setNewCookie(userViewerData);
 
   if (calendarQuery) {
     await setNewSession(viewer, calendarQuery, 0);
   }
 
   const olmSessionPromise = (async () => {
     if (userViewerData.cookieID && initialNotificationsEncryptedMessage) {
-      await createOlmSession(
+      await createAndPersistOlmSession(
         initialNotificationsEncryptedMessage,
         'notifications',
         userViewerData.cookieID,
       );
     }
   })();
 
   await Promise.all([
     updateThread(
       createScriptViewer(ashoat.id),
       {
         threadID: genesis.id,
         changes: { newMemberIDs: [id] },
       },
       { forceAddMembers: true, silenceMessages: true, ignorePermissions: true },
     ),
     viewerAcknowledgmentUpdater(viewer, policyTypes.tosAndPrivacyPolicy),
     olmSessionPromise,
   ]);
 
   const [privateThreadResult, ashoatThreadResult] = await Promise.all([
     createPrivateThread(viewer),
     createThread(
       viewer,
       {
         type: threadTypes.PERSONAL,
         initialMemberIDs: [ashoat.id],
       },
       { forceAddMembers: true },
     ),
   ]);
   const ashoatThreadID = ashoatThreadResult.newThreadID;
   const privateThreadID = privateThreadResult.newThreadID;
 
   let messageTime = Date.now();
   const ashoatMessageDatas = ashoatMessages.map(message => ({
     type: messageTypes.TEXT,
     threadID: ashoatThreadID,
     creatorID: ashoat.id,
     time: messageTime++,
     text: message,
   }));
   const privateMessageDatas = privateMessages.map(message => ({
     type: messageTypes.TEXT,
     threadID: privateThreadID,
     creatorID: commbot.userID,
     time: messageTime++,
     text: message,
   }));
   const messageDatas = [...ashoatMessageDatas, ...privateMessageDatas];
   const [messageInfos, threadsResult, userInfos, currentUserInfo] =
     await Promise.all([
       createMessages(viewer, messageDatas),
       fetchThreadInfos(viewer),
       fetchKnownUserInfos(viewer),
       fetchLoggedInUserInfo(viewer),
     ]);
   const rawMessageInfos = [
     ...ashoatThreadResult.newMessageInfos,
     ...privateThreadResult.newMessageInfos,
     ...messageInfos,
   ];
 
   ignorePromiseRejections(
     createAndSendReservedUsernameMessage([request.username]),
   );
 
   return {
     id,
     rawMessageInfos,
     currentUserInfo,
     cookieChange: {
       threadInfos: threadsResult.threadInfos,
       userInfos: values(userInfos),
     },
   };
 }
 
 export type ProcessSIWEAccountCreationRequest = {
   +address: string,
   +calendarQuery: CalendarQuery,
   +deviceTokenUpdateRequest?: ?DeviceTokenUpdateRequest,
   +platformDetails: PlatformDetails,
   +socialProof: SIWESocialProof,
   +signedIdentityKeysBlob?: ?SignedIdentityKeysBlob,
 };
 // Note: `processSIWEAccountCreation(...)` assumes that the validity of
 //       `ProcessSIWEAccountCreationRequest` was checked at call site.
 async function processSIWEAccountCreation(
   viewer: Viewer,
   request: ProcessSIWEAccountCreationRequest,
 ): Promise<string> {
   const { calendarQuery, signedIdentityKeysBlob } = request;
   await verifyCalendarQueryThreadIDs(calendarQuery);
 
   const time = Date.now();
   const deviceToken = request.deviceTokenUpdateRequest
     ? request.deviceTokenUpdateRequest.deviceToken
     : viewer.deviceToken;
   const [id] = await createIDs('users', 1);
   const newUserRow = [id, request.address, request.address, time];
   const newUserQuery = SQL`
     INSERT INTO users(id, username, ethereum_address, creation_time)
     VALUES ${[newUserRow]}
   `;
   const [userViewerData] = await Promise.all([
     createNewUserCookie(id, {
       platformDetails: request.platformDetails,
       deviceToken,
       socialProof: request.socialProof,
       signedIdentityKeysBlob,
     }),
     deleteCookie(viewer.cookieID),
     dbQuery(newUserQuery),
   ]);
   viewer.setNewCookie(userViewerData);
 
   await setNewSession(viewer, calendarQuery, 0);
 
   await Promise.all([
     updateThread(
       createScriptViewer(ashoat.id),
       {
         threadID: genesis.id,
         changes: { newMemberIDs: [id] },
       },
       { forceAddMembers: true, silenceMessages: true, ignorePermissions: true },
     ),
     viewerAcknowledgmentUpdater(viewer, policyTypes.tosAndPrivacyPolicy),
   ]);
 
   const [privateThreadResult, ashoatThreadResult] = await Promise.all([
     createPrivateThread(viewer),
     createThread(
       viewer,
       {
         type: threadTypes.PERSONAL,
         initialMemberIDs: [ashoat.id],
       },
       { forceAddMembers: true },
     ),
   ]);
   const ashoatThreadID = ashoatThreadResult.newThreadID;
   const privateThreadID = privateThreadResult.newThreadID;
 
   let messageTime = Date.now();
   const ashoatMessageDatas = ashoatMessages.map(message => ({
     type: messageTypes.TEXT,
     threadID: ashoatThreadID,
     creatorID: ashoat.id,
     time: messageTime++,
     text: message,
   }));
   const privateMessageDatas = privateMessages.map(message => ({
     type: messageTypes.TEXT,
     threadID: privateThreadID,
     creatorID: commbot.userID,
     time: messageTime++,
     text: message,
   }));
   const messageDatas = [...ashoatMessageDatas, ...privateMessageDatas];
   await Promise.all([createMessages(viewer, messageDatas)]);
 
   ignorePromiseRejections(
     createAndSendReservedUsernameMessage([request.address]),
   );
 
   return id;
 }
 
 async function createAndSendReservedUsernameMessage(
   payload: $ReadOnlyArray<string>,
 ) {
   const issuedAt = new Date().toISOString();
   const reservedUsernameMessage: ReservedUsernameMessage = {
     statement: 'Add the following usernames to reserved list',
     payload,
     issuedAt,
   };
   const stringifiedMessage = JSON.stringify(reservedUsernameMessage);
 
   const [rustAPI, accountInfo] = await Promise.all([
     getRustAPI(),
     fetchOlmAccount('content'),
   ]);
   const signature = accountInfo.account.sign(stringifiedMessage);
 
   await rustAPI.addReservedUsernames(stringifiedMessage, signature);
 }
 
 export { createAccount, processSIWEAccountCreation };
diff --git a/keyserver/src/creators/olm-session-creator.js b/keyserver/src/creators/olm-session-creator.js
index 8fe7e7c54..510f721a6 100644
--- a/keyserver/src/creators/olm-session-creator.js
+++ b/keyserver/src/creators/olm-session-creator.js
@@ -1,48 +1,66 @@
 // @flow
 
 import type { Account as OlmAccount } from '@commapp/olm';
 
 import { ServerError } from 'lib/utils/errors.js';
 
 import { dbQuery, SQL } from '../database/database.js';
 import { fetchCallUpdateOlmAccount } from '../updaters/olm-account-updater.js';
 import { createPickledOlmSession } from '../utils/olm-utils.js';
 
 async function createOlmSession(
   initialEncryptedMessage: string,
   olmSessionType: 'content' | 'notifications',
-  cookieID: string,
-): Promise<void> {
+  theirCurve25519Key?: string,
+): Promise<string> {
   const callback = (account: OlmAccount, picklingKey: string) =>
-    createPickledOlmSession(account, picklingKey, initialEncryptedMessage);
+    createPickledOlmSession(
+      account,
+      picklingKey,
+      initialEncryptedMessage,
+      theirCurve25519Key,
+    );
 
-  let pickledOlmSession;
   try {
-    pickledOlmSession = await fetchCallUpdateOlmAccount(
-      olmSessionType,
-      callback,
-    );
+    return await fetchCallUpdateOlmAccount(olmSessionType, callback);
   } catch (e) {
-    console.warn(
-      `failed to create olm session of type: ${olmSessionType} ` +
-        `for user with cookie id: ${cookieID}`,
-      e,
-    );
+    console.warn(`failed to create olm session of type: ${olmSessionType}`, e);
     throw new ServerError('olm_session_creation_failure');
   }
+}
 
+async function persistFreshOlmSession(
+  pickledOlmSession: string,
+  olmSessionType: 'content' | 'notifications',
+  cookieID: string,
+): Promise<void> {
   const isContent = olmSessionType === 'content';
   // We match the native client behavior here where olm session is overwritten
   // in case it is initialized twice for the same pair of identities
   await dbQuery(
     SQL`
       INSERT INTO olm_sessions (cookie_id, is_content, 
         version, pickled_olm_session)
       VALUES (${cookieID}, ${isContent}, 0, ${pickledOlmSession})
       ON DUPLICATE KEY UPDATE
         pickled_olm_session = ${pickledOlmSession}
     `,
   );
 }
 
-export { createOlmSession };
+async function createAndPersistOlmSession(
+  initialEncryptedMessage: string,
+  olmSessionType: 'content' | 'notifications',
+  cookieID: string,
+  theirCurve25519Key?: string,
+): Promise<void> {
+  const pickledOlmSession = await createOlmSession(
+    initialEncryptedMessage,
+    olmSessionType,
+    theirCurve25519Key,
+  );
+
+  await persistFreshOlmSession(pickledOlmSession, olmSessionType, cookieID);
+}
+
+export { createOlmSession, persistFreshOlmSession, createAndPersistOlmSession };
diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js
index cd6776c1a..6ddddce49 100644
--- a/keyserver/src/responders/user-responders.js
+++ b/keyserver/src/responders/user-responders.js
@@ -1,784 +1,784 @@
 // @flow
 
 import type { Utility as OlmUtility } from '@commapp/olm';
 import invariant from 'invariant';
 import { ErrorTypes, SiweMessage } from 'siwe';
 import t, { type TInterface, type TUnion, type TEnums } from 'tcomb';
 import bcrypt from 'twin-bcrypt';
 
 import {
   baseLegalPolicies,
   policies,
   policyTypeValidator,
 } from 'lib/facts/policies.js';
 import { rawThreadInfoValidator } from 'lib/permissions/minimally-encoded-thread-permissions-validators.js';
 import { hasMinCodeVersion } from 'lib/shared/version-utils.js';
 import type {
   ResetPasswordRequest,
   LogOutResponse,
   RegisterResponse,
   RegisterRequest,
   LogInResponse,
   LogInRequest,
   UpdatePasswordRequest,
   UpdateUserSettingsRequest,
   PolicyAcknowledgmentRequest,
   ClaimUsernameResponse,
 } from 'lib/types/account-types.js';
 import {
   userSettingsTypes,
   notificationTypeValues,
   logInActionSources,
 } from 'lib/types/account-types.js';
 import {
   type ClientAvatar,
   clientAvatarValidator,
   type UpdateUserAvatarResponse,
   type UpdateUserAvatarRequest,
 } from 'lib/types/avatar-types.js';
 import type {
   ReservedUsernameMessage,
   IdentityKeysBlob,
   SignedIdentityKeysBlob,
 } from 'lib/types/crypto-types.js';
 import type { DeviceType } from 'lib/types/device-types';
 import {
   type CalendarQuery,
   rawEntryInfoValidator,
   type FetchEntryInfosBase,
 } from 'lib/types/entry-types.js';
 import {
   defaultNumberPerThread,
   rawMessageInfoValidator,
   messageTruncationStatusesValidator,
 } from 'lib/types/message-types.js';
 import type {
   SIWEAuthRequest,
   SIWEMessage,
   SIWESocialProof,
 } from 'lib/types/siwe-types.js';
 import {
   type SubscriptionUpdateRequest,
   type SubscriptionUpdateResponse,
   threadSubscriptionValidator,
 } from 'lib/types/subscription-types.js';
 import { createUpdatesResultValidator } from 'lib/types/update-types.js';
 import {
   type PasswordUpdate,
   loggedOutUserInfoValidator,
   loggedInUserInfoValidator,
   userInfoValidator,
 } from 'lib/types/user-types.js';
 import {
   identityKeysBlobValidator,
   signedIdentityKeysBlobValidator,
 } from 'lib/utils/crypto-utils.js';
 import { ServerError } from 'lib/utils/errors.js';
 import { values } from 'lib/utils/objects.js';
 import {
   getPublicKeyFromSIWEStatement,
   isValidSIWEMessage,
   isValidSIWEStatementWithPublicKey,
   primaryIdentityPublicKeyRegex,
 } from 'lib/utils/siwe-utils.js';
 import {
   tShape,
   tPlatformDetails,
   tPassword,
   tEmail,
   tOldValidUsername,
   tRegex,
   tID,
 } from 'lib/utils/validation-utils.js';
 
 import {
   entryQueryInputValidator,
   newEntryQueryInputValidator,
   normalizeCalendarQuery,
   verifyCalendarQueryThreadIDs,
 } from './entry-responders.js';
 import {
   createAccount,
   processSIWEAccountCreation,
 } from '../creators/account-creator.js';
-import { createOlmSession } from '../creators/olm-session-creator.js';
+import { createAndPersistOlmSession } from '../creators/olm-session-creator.js';
 import { dbQuery, SQL } from '../database/database.js';
 import { deleteAccount } from '../deleters/account-deleters.js';
 import { deleteCookie } from '../deleters/cookie-deleters.js';
 import { checkAndInvalidateSIWENonceEntry } from '../deleters/siwe-nonce-deleters.js';
 import { fetchEntryInfos } from '../fetchers/entry-fetchers.js';
 import { fetchMessageInfos } from '../fetchers/message-fetchers.js';
 import { fetchNotAcknowledgedPolicies } from '../fetchers/policy-acknowledgment-fetchers.js';
 import { fetchThreadInfos } from '../fetchers/thread-fetchers.js';
 import {
   fetchKnownUserInfos,
   fetchLoggedInUserInfo,
   fetchUserIDForEthereumAddress,
   fetchUsername,
 } from '../fetchers/user-fetchers.js';
 import {
   createNewAnonymousCookie,
   createNewUserCookie,
   setNewSession,
 } from '../session/cookies.js';
 import type { Viewer } from '../session/viewer.js';
 import {
   accountUpdater,
   checkAndSendVerificationEmail,
   checkAndSendPasswordResetEmail,
   updatePassword,
   updateUserSettings,
   updateUserAvatar,
 } from '../updaters/account-updaters.js';
 import { fetchOlmAccount } from '../updaters/olm-account-updater.js';
 import { userSubscriptionUpdater } from '../updaters/user-subscription-updaters.js';
 import { viewerAcknowledgmentUpdater } from '../updaters/viewer-acknowledgment-updater.js';
 import { getOlmUtility } from '../utils/olm-utils.js';
 
 export const subscriptionUpdateRequestInputValidator: TInterface<SubscriptionUpdateRequest> =
   tShape<SubscriptionUpdateRequest>({
     threadID: tID,
     updatedFields: tShape({
       pushNotifs: t.maybe(t.Boolean),
       home: t.maybe(t.Boolean),
     }),
   });
 
 export const subscriptionUpdateResponseValidator: TInterface<SubscriptionUpdateResponse> =
   tShape<SubscriptionUpdateResponse>({
     threadSubscription: threadSubscriptionValidator,
   });
 
 async function userSubscriptionUpdateResponder(
   viewer: Viewer,
   request: SubscriptionUpdateRequest,
 ): Promise<SubscriptionUpdateResponse> {
   const threadSubscription = await userSubscriptionUpdater(viewer, request);
   return {
     threadSubscription,
   };
 }
 
 export const accountUpdateInputValidator: TInterface<PasswordUpdate> =
   tShape<PasswordUpdate>({
     updatedFields: tShape({
       email: t.maybe(tEmail),
       password: t.maybe(tPassword),
     }),
     currentPassword: tPassword,
   });
 
 async function passwordUpdateResponder(
   viewer: Viewer,
   request: PasswordUpdate,
 ): Promise<void> {
   await accountUpdater(viewer, request);
 }
 
 async function sendVerificationEmailResponder(viewer: Viewer): Promise<void> {
   await checkAndSendVerificationEmail(viewer);
 }
 
 export const resetPasswordRequestInputValidator: TInterface<ResetPasswordRequest> =
   tShape<ResetPasswordRequest>({
     usernameOrEmail: t.union([tEmail, tOldValidUsername]),
   });
 
 async function sendPasswordResetEmailResponder(
   viewer: Viewer,
   request: ResetPasswordRequest,
 ): Promise<void> {
   await checkAndSendPasswordResetEmail(request);
 }
 
 export const logOutResponseValidator: TInterface<LogOutResponse> =
   tShape<LogOutResponse>({
     currentUserInfo: loggedOutUserInfoValidator,
   });
 
 async function logOutResponder(viewer: Viewer): Promise<LogOutResponse> {
   if (viewer.loggedIn) {
     const [anonymousViewerData] = await Promise.all([
       createNewAnonymousCookie({
         platformDetails: viewer.platformDetails,
         deviceToken: viewer.deviceToken,
       }),
       deleteCookie(viewer.cookieID),
     ]);
     viewer.setNewCookie(anonymousViewerData);
   }
   return {
     currentUserInfo: {
       anonymous: true,
     },
   };
 }
 
 async function accountDeletionResponder(
   viewer: Viewer,
 ): Promise<LogOutResponse> {
   const result = await deleteAccount(viewer);
   invariant(result, 'deleteAccount should return result if handed request');
   return result;
 }
 
 type OldDeviceTokenUpdateRequest = {
   +deviceType?: ?DeviceType,
   +deviceToken: string,
 };
 const deviceTokenUpdateRequestInputValidator =
   tShape<OldDeviceTokenUpdateRequest>({
     deviceType: t.maybe(t.enums.of(['ios', 'android'])),
     deviceToken: t.String,
   });
 
 export const registerRequestInputValidator: TInterface<RegisterRequest> =
   tShape<RegisterRequest>({
     username: t.String,
     email: t.maybe(tEmail),
     password: tPassword,
     calendarQuery: t.maybe(newEntryQueryInputValidator),
     deviceTokenUpdateRequest: t.maybe(deviceTokenUpdateRequestInputValidator),
     platformDetails: tPlatformDetails,
     // We include `primaryIdentityPublicKey` to avoid breaking
     // old clients, but we no longer do anything with it.
     primaryIdentityPublicKey: t.maybe(tRegex(primaryIdentityPublicKeyRegex)),
     signedIdentityKeysBlob: t.maybe(signedIdentityKeysBlobValidator),
     initialNotificationsEncryptedMessage: t.maybe(t.String),
   });
 
 export const registerResponseValidator: TInterface<RegisterResponse> =
   tShape<RegisterResponse>({
     id: t.String,
     rawMessageInfos: t.list(rawMessageInfoValidator),
     currentUserInfo: loggedInUserInfoValidator,
     cookieChange: tShape({
       threadInfos: t.dict(tID, rawThreadInfoValidator),
       userInfos: t.list(userInfoValidator),
     }),
   });
 
 async function accountCreationResponder(
   viewer: Viewer,
   request: RegisterRequest,
 ): Promise<RegisterResponse> {
   const { signedIdentityKeysBlob } = request;
   if (signedIdentityKeysBlob) {
     const identityKeys: IdentityKeysBlob = JSON.parse(
       signedIdentityKeysBlob.payload,
     );
     if (!identityKeysBlobValidator.is(identityKeys)) {
       throw new ServerError('invalid_identity_keys_blob');
     }
 
     const olmUtil: OlmUtility = getOlmUtility();
     try {
       olmUtil.ed25519_verify(
         identityKeys.primaryIdentityPublicKeys.ed25519,
         signedIdentityKeysBlob.payload,
         signedIdentityKeysBlob.signature,
       );
     } catch (e) {
       throw new ServerError('invalid_signature');
     }
   }
   return await createAccount(viewer, request);
 }
 
 type ProcessSuccessfulLoginParams = {
   +viewer: Viewer,
   +input: any,
   +userID: string,
   +calendarQuery: ?CalendarQuery,
   +socialProof?: ?SIWESocialProof,
   +signedIdentityKeysBlob?: ?SignedIdentityKeysBlob,
   +initialNotificationsEncryptedMessage?: string,
 };
 
 async function processSuccessfulLogin(
   params: ProcessSuccessfulLoginParams,
 ): Promise<LogInResponse> {
   const {
     viewer,
     input,
     userID,
     calendarQuery,
     socialProof,
     signedIdentityKeysBlob,
     initialNotificationsEncryptedMessage,
   } = params;
 
   const request: LogInRequest = input;
   const newServerTime = Date.now();
   const deviceToken = request.deviceTokenUpdateRequest
     ? request.deviceTokenUpdateRequest.deviceToken
     : viewer.deviceToken;
   const [userViewerData, notAcknowledgedPolicies] = await Promise.all([
     createNewUserCookie(userID, {
       platformDetails: request.platformDetails,
       deviceToken,
       socialProof,
       signedIdentityKeysBlob,
     }),
     fetchNotAcknowledgedPolicies(userID, baseLegalPolicies),
     deleteCookie(viewer.cookieID),
   ]);
   viewer.setNewCookie(userViewerData);
 
   if (
     notAcknowledgedPolicies.length &&
     hasMinCodeVersion(viewer.platformDetails, { native: 181 })
   ) {
     const currentUserInfo = await fetchLoggedInUserInfo(viewer);
     return {
       notAcknowledgedPolicies,
       currentUserInfo: currentUserInfo,
       rawMessageInfos: [],
       truncationStatuses: {},
       userInfos: [],
       rawEntryInfos: [],
       serverTime: 0,
       cookieChange: {
         threadInfos: {},
         userInfos: [],
       },
     };
   }
 
   if (calendarQuery) {
     await setNewSession(viewer, calendarQuery, newServerTime);
   }
   const olmSessionPromise = (async () => {
     if (
       userViewerData.cookieID &&
       initialNotificationsEncryptedMessage &&
       signedIdentityKeysBlob
     ) {
-      await createOlmSession(
+      await createAndPersistOlmSession(
         initialNotificationsEncryptedMessage,
         'notifications',
         userViewerData.cookieID,
       );
     }
   })();
 
   const threadCursors: { [string]: null } = {};
   for (const watchedThreadID of request.watchedIDs) {
     threadCursors[watchedThreadID] = null;
   }
   const messageSelectionCriteria = { threadCursors, joinedThreads: true };
 
   const entriesPromise: Promise<?FetchEntryInfosBase> = (async () => {
     if (!calendarQuery) {
       return undefined;
     }
     return await fetchEntryInfos(viewer, [calendarQuery]);
   })();
 
   const [
     threadsResult,
     messagesResult,
     entriesResult,
     userInfos,
     currentUserInfo,
   ] = await Promise.all([
     fetchThreadInfos(viewer),
     fetchMessageInfos(viewer, messageSelectionCriteria, defaultNumberPerThread),
     entriesPromise,
     fetchKnownUserInfos(viewer),
     fetchLoggedInUserInfo(viewer),
     olmSessionPromise,
   ]);
 
   const rawEntryInfos = entriesResult ? entriesResult.rawEntryInfos : null;
   const response: LogInResponse = {
     currentUserInfo,
     rawMessageInfos: messagesResult.rawMessageInfos,
     truncationStatuses: messagesResult.truncationStatuses,
     serverTime: newServerTime,
     userInfos: values(userInfos),
     cookieChange: {
       threadInfos: threadsResult.threadInfos,
       userInfos: [],
     },
   };
   if (rawEntryInfos) {
     return {
       ...response,
       rawEntryInfos,
     };
   }
   return response;
 }
 
 export const logInRequestInputValidator: TInterface<LogInRequest> =
   tShape<LogInRequest>({
     username: t.maybe(t.String),
     usernameOrEmail: t.maybe(t.union([tEmail, tOldValidUsername])),
     password: tPassword,
     watchedIDs: t.list(tID),
     calendarQuery: t.maybe(entryQueryInputValidator),
     deviceTokenUpdateRequest: t.maybe(deviceTokenUpdateRequestInputValidator),
     platformDetails: tPlatformDetails,
     source: t.maybe(t.enums.of(values(logInActionSources))),
     // We include `primaryIdentityPublicKey` to avoid breaking
     // old clients, but we no longer do anything with it.
     primaryIdentityPublicKey: t.maybe(tRegex(primaryIdentityPublicKeyRegex)),
     signedIdentityKeysBlob: t.maybe(signedIdentityKeysBlobValidator),
     initialNotificationsEncryptedMessage: t.maybe(t.String),
   });
 
 export const logInResponseValidator: TInterface<LogInResponse> =
   tShape<LogInResponse>({
     currentUserInfo: loggedInUserInfoValidator,
     rawMessageInfos: t.list(rawMessageInfoValidator),
     truncationStatuses: messageTruncationStatusesValidator,
     userInfos: t.list(userInfoValidator),
     rawEntryInfos: t.maybe(t.list(rawEntryInfoValidator)),
     serverTime: t.Number,
     cookieChange: tShape({
       threadInfos: t.dict(tID, rawThreadInfoValidator),
       userInfos: t.list(userInfoValidator),
     }),
     notAcknowledgedPolicies: t.maybe(t.list<TEnums>(policyTypeValidator)),
   });
 
 async function logInResponder(
   viewer: Viewer,
   request: LogInRequest,
 ): Promise<LogInResponse> {
   let identityKeys: ?IdentityKeysBlob;
   const { signedIdentityKeysBlob, initialNotificationsEncryptedMessage } =
     request;
   if (signedIdentityKeysBlob) {
     identityKeys = JSON.parse(signedIdentityKeysBlob.payload);
 
     const olmUtil: OlmUtility = getOlmUtility();
     try {
       olmUtil.ed25519_verify(
         identityKeys.primaryIdentityPublicKeys.ed25519,
         signedIdentityKeysBlob.payload,
         signedIdentityKeysBlob.signature,
       );
     } catch (e) {
       throw new ServerError('invalid_signature');
     }
   }
 
   const calendarQuery = request.calendarQuery
     ? normalizeCalendarQuery(request.calendarQuery)
     : null;
   const verifyCalendarQueryThreadIDsPromise = (async () => {
     if (calendarQuery) {
       await verifyCalendarQueryThreadIDs(calendarQuery);
     }
   })();
 
   const username = request.username ?? request.usernameOrEmail;
   if (!username) {
     if (hasMinCodeVersion(viewer.platformDetails, { native: 150 })) {
       throw new ServerError('invalid_credentials');
     } else {
       throw new ServerError('invalid_parameters');
     }
   }
   const userQuery = SQL`
     SELECT id, hash, username
     FROM users
     WHERE LCASE(username) = LCASE(${username})
   `;
   const userQueryPromise = dbQuery(userQuery);
   const [[userResult]] = await Promise.all([
     userQueryPromise,
     verifyCalendarQueryThreadIDsPromise,
   ]);
 
   if (userResult.length === 0) {
     if (hasMinCodeVersion(viewer.platformDetails, { native: 150 })) {
       throw new ServerError('invalid_credentials');
     } else {
       throw new ServerError('invalid_parameters');
     }
   }
 
   const userRow = userResult[0];
 
   if (!userRow.hash || !bcrypt.compareSync(request.password, userRow.hash)) {
     throw new ServerError('invalid_credentials');
   }
 
   const id = userRow.id.toString();
 
   return await processSuccessfulLogin({
     viewer,
     input: request,
     userID: id,
     calendarQuery,
     signedIdentityKeysBlob,
     initialNotificationsEncryptedMessage,
   });
 }
 
 export const siweAuthRequestInputValidator: TInterface<SIWEAuthRequest> =
   tShape<SIWEAuthRequest>({
     signature: t.String,
     message: t.String,
     calendarQuery: entryQueryInputValidator,
     deviceTokenUpdateRequest: t.maybe(deviceTokenUpdateRequestInputValidator),
     platformDetails: tPlatformDetails,
     watchedIDs: t.list(tID),
     signedIdentityKeysBlob: t.maybe(signedIdentityKeysBlobValidator),
     initialNotificationsEncryptedMessage: t.maybe(t.String),
     doNotRegister: t.maybe(t.Boolean),
   });
 
 async function siweAuthResponder(
   viewer: Viewer,
   request: SIWEAuthRequest,
 ): Promise<LogInResponse> {
   const {
     message,
     signature,
     deviceTokenUpdateRequest,
     platformDetails,
     signedIdentityKeysBlob,
     initialNotificationsEncryptedMessage,
     doNotRegister,
   } = request;
   const calendarQuery = normalizeCalendarQuery(request.calendarQuery);
 
   // 1. Ensure that `message` is a well formed Comm SIWE Auth message.
   const siweMessage: SIWEMessage = new SiweMessage(message);
   if (!isValidSIWEMessage(siweMessage)) {
     throw new ServerError('invalid_parameters');
   }
 
   // 2. Check if there's already a user for this ETH address.
   const existingUserID = await fetchUserIDForEthereumAddress(
     siweMessage.address,
   );
   if (!existingUserID && doNotRegister) {
     throw new ServerError('account_does_not_exist');
   }
 
   // 3. Ensure that the `nonce` exists in the `siwe_nonces` table
   //    AND hasn't expired. If those conditions are met, delete the entry to
   //    ensure that the same `nonce` can't be re-used in a future request.
   const wasNonceCheckedAndInvalidated = await checkAndInvalidateSIWENonceEntry(
     siweMessage.nonce,
   );
   if (!wasNonceCheckedAndInvalidated) {
     throw new ServerError('invalid_parameters');
   }
 
   // 4. Validate SIWEMessage signature and handle possible errors.
   try {
     await siweMessage.validate(signature);
   } catch (error) {
     if (error === ErrorTypes.EXPIRED_MESSAGE) {
       // Thrown when the `expirationTime` is present and in the past.
       throw new ServerError('expired_message');
     } else if (error === ErrorTypes.INVALID_SIGNATURE) {
       // Thrown when the `validate()` function can't verify the message.
       throw new ServerError('invalid_signature');
     } else if (error === ErrorTypes.MALFORMED_SESSION) {
       // Thrown when some required field is missing.
       throw new ServerError('malformed_session');
     } else {
       throw new ServerError('unknown_error');
     }
   }
 
   // 5. Pull `primaryIdentityPublicKey` out from SIWEMessage `statement`.
   //    We expect it to be included for BOTH native and web clients.
   const { statement } = siweMessage;
   const primaryIdentityPublicKey =
     statement && isValidSIWEStatementWithPublicKey(statement)
       ? getPublicKeyFromSIWEStatement(statement)
       : null;
   if (!primaryIdentityPublicKey) {
     throw new ServerError('invalid_siwe_statement_public_key');
   }
 
   // 6. Verify `signedIdentityKeysBlob.payload` with included `signature`
   //    if `signedIdentityKeysBlob` was included in the `SIWEAuthRequest`.
   let identityKeys: ?IdentityKeysBlob;
   if (signedIdentityKeysBlob) {
     identityKeys = JSON.parse(signedIdentityKeysBlob.payload);
     if (!identityKeysBlobValidator.is(identityKeys)) {
       throw new ServerError('invalid_identity_keys_blob');
     }
 
     const olmUtil: OlmUtility = getOlmUtility();
     try {
       olmUtil.ed25519_verify(
         identityKeys.primaryIdentityPublicKeys.ed25519,
         signedIdentityKeysBlob.payload,
         signedIdentityKeysBlob.signature,
       );
     } catch (e) {
       throw new ServerError('invalid_signature');
     }
   }
 
   // 7. Ensure that `primaryIdentityPublicKeys.ed25519` matches SIWE
   //    statement `primaryIdentityPublicKey` if `identityKeys` exists.
   if (
     identityKeys &&
     identityKeys.primaryIdentityPublicKeys.ed25519 !== primaryIdentityPublicKey
   ) {
     throw new ServerError('primary_public_key_mismatch');
   }
 
   // 8. Construct `SIWESocialProof` object with the stringified
   //    SIWEMessage and the corresponding signature.
   const socialProof: SIWESocialProof = {
     siweMessage: siweMessage.toMessage(),
     siweMessageSignature: signature,
   };
 
   // 9. Create account with call to `processSIWEAccountCreation(...)`
   //    if address does not correspond to an existing user.
   let userID = existingUserID;
   if (!userID) {
     const siweAccountCreationRequest = {
       address: siweMessage.address,
       calendarQuery,
       deviceTokenUpdateRequest,
       platformDetails,
       socialProof,
     };
     userID = await processSIWEAccountCreation(
       viewer,
       siweAccountCreationRequest,
     );
   }
 
   // 10. Complete login with call to `processSuccessfulLogin(...)`.
   return await processSuccessfulLogin({
     viewer,
     input: request,
     userID,
     calendarQuery,
     socialProof,
     signedIdentityKeysBlob,
     initialNotificationsEncryptedMessage,
   });
 }
 
 export const updatePasswordRequestInputValidator: TInterface<UpdatePasswordRequest> =
   tShape<UpdatePasswordRequest>({
     code: t.String,
     password: tPassword,
     watchedIDs: t.list(tID),
     calendarQuery: t.maybe(entryQueryInputValidator),
     deviceTokenUpdateRequest: t.maybe(deviceTokenUpdateRequestInputValidator),
     platformDetails: tPlatformDetails,
   });
 
 async function oldPasswordUpdateResponder(
   viewer: Viewer,
   request: UpdatePasswordRequest,
 ): Promise<LogInResponse> {
   if (request.calendarQuery) {
     request.calendarQuery = normalizeCalendarQuery(request.calendarQuery);
   }
   return await updatePassword(viewer, request);
 }
 
 export const updateUserSettingsInputValidator: TInterface<UpdateUserSettingsRequest> =
   tShape<UpdateUserSettingsRequest>({
     name: t.irreducible(
       userSettingsTypes.DEFAULT_NOTIFICATIONS,
       x => x === userSettingsTypes.DEFAULT_NOTIFICATIONS,
     ),
     data: t.enums.of(notificationTypeValues),
   });
 
 async function updateUserSettingsResponder(
   viewer: Viewer,
   request: UpdateUserSettingsRequest,
 ): Promise<void> {
   await updateUserSettings(viewer, request);
 }
 
 export const policyAcknowledgmentRequestInputValidator: TInterface<PolicyAcknowledgmentRequest> =
   tShape<PolicyAcknowledgmentRequest>({
     policy: t.maybe(t.enums.of(policies)),
   });
 
 async function policyAcknowledgmentResponder(
   viewer: Viewer,
   request: PolicyAcknowledgmentRequest,
 ): Promise<void> {
   await viewerAcknowledgmentUpdater(viewer, request.policy);
 }
 
 export const updateUserAvatarResponseValidator: TInterface<UpdateUserAvatarResponse> =
   tShape<UpdateUserAvatarResponse>({
     updates: createUpdatesResultValidator,
   });
 
 export const updateUserAvatarResponderValidator: TUnion<
   ?ClientAvatar | UpdateUserAvatarResponse,
 > = t.union([
   t.maybe(clientAvatarValidator),
   updateUserAvatarResponseValidator,
 ]);
 
 async function updateUserAvatarResponder(
   viewer: Viewer,
   request: UpdateUserAvatarRequest,
 ): Promise<?ClientAvatar | UpdateUserAvatarResponse> {
   return await updateUserAvatar(viewer, request);
 }
 
 export const claimUsernameResponseValidator: TInterface<ClaimUsernameResponse> =
   tShape<ClaimUsernameResponse>({
     message: t.String,
     signature: t.String,
   });
 
 async function claimUsernameResponder(
   viewer: Viewer,
 ): Promise<ClaimUsernameResponse> {
   const [username, accountInfo] = await Promise.all([
     fetchUsername(viewer.userID),
     fetchOlmAccount('content'),
   ]);
 
   if (!username) {
     throw new ServerError('invalid_credentials');
   }
 
   const issuedAt = new Date().toISOString();
   const reservedUsernameMessage: ReservedUsernameMessage = {
     statement: 'This user is the owner of the following username and user ID',
     payload: {
       username,
       userID: viewer.userID,
     },
     issuedAt,
   };
   const message = JSON.stringify(reservedUsernameMessage);
   const signature = accountInfo.account.sign(message);
 
   return { message, signature };
 }
 
 export {
   userSubscriptionUpdateResponder,
   passwordUpdateResponder,
   sendVerificationEmailResponder,
   sendPasswordResetEmailResponder,
   logOutResponder,
   accountDeletionResponder,
   accountCreationResponder,
   logInResponder,
   siweAuthResponder,
   oldPasswordUpdateResponder,
   updateUserSettingsResponder,
   policyAcknowledgmentResponder,
   updateUserAvatarResponder,
   claimUsernameResponder,
 };
diff --git a/keyserver/src/socket/session-utils.js b/keyserver/src/socket/session-utils.js
index 07887ff8b..3a348f6dd 100644
--- a/keyserver/src/socket/session-utils.js
+++ b/keyserver/src/socket/session-utils.js
@@ -1,558 +1,558 @@
 // @flow
 
 import invariant from 'invariant';
 import t from 'tcomb';
 import type { TUnion } from 'tcomb';
 
 import { hasMinCodeVersion } from 'lib/shared/version-utils.js';
 import type {
   UpdateActivityResult,
   ActivityUpdate,
 } from 'lib/types/activity-types.js';
 import type { IdentityKeysBlob } from 'lib/types/crypto-types.js';
 import { isDeviceType } from 'lib/types/device-types.js';
 import type {
   CalendarQuery,
   DeltaEntryInfosResponse,
 } from 'lib/types/entry-types.js';
 import {
   reportTypes,
   type ThreadInconsistencyReportCreationRequest,
   type EntryInconsistencyReportCreationRequest,
 } from 'lib/types/report-types.js';
 import {
   serverRequestTypes,
   type ThreadInconsistencyClientResponse,
   type EntryInconsistencyClientResponse,
   type ClientResponse,
   type ServerServerRequest,
   type ServerCheckStateServerRequest,
 } from 'lib/types/request-types.js';
 import { sessionCheckFrequency } from 'lib/types/session-types.js';
 import { signedIdentityKeysBlobValidator } from 'lib/utils/crypto-utils.js';
 import { hash, values } from 'lib/utils/objects.js';
 import { promiseAll, ignorePromiseRejections } from 'lib/utils/promises.js';
 import {
   tShape,
   tPlatform,
   tPlatformDetails,
 } from 'lib/utils/validation-utils.js';
 
-import { createOlmSession } from '../creators/olm-session-creator.js';
+import { createAndPersistOlmSession } from '../creators/olm-session-creator.js';
 import { saveOneTimeKeys } from '../creators/one-time-keys-creator.js';
 import createReport from '../creators/report-creator.js';
 import { fetchEntriesForSession } from '../fetchers/entry-fetchers.js';
 import { checkIfSessionHasEnoughOneTimeKeys } from '../fetchers/key-fetchers.js';
 import { activityUpdatesInputValidator } from '../responders/activity-responders.js';
 import {
   threadInconsistencyReportValidatorShape,
   entryInconsistencyReportValidatorShape,
 } from '../responders/report-responders.js';
 import {
   setNewSession,
   setCookiePlatform,
   setCookiePlatformDetails,
   setCookieSignedIdentityKeysBlob,
 } from '../session/cookies.js';
 import type { Viewer } from '../session/viewer.js';
 import { serverStateSyncSpecs } from '../shared/state-sync/state-sync-specs.js';
 import { activityUpdater } from '../updaters/activity-updaters.js';
 import { compareNewCalendarQuery } from '../updaters/entry-updaters.js';
 import type { SessionUpdate } from '../updaters/session-updaters.js';
 import { getOlmUtility } from '../utils/olm-utils.js';
 
 const clientResponseInputValidator: TUnion<ClientResponse> = t.union([
   tShape({
     type: t.irreducible(
       'serverRequestTypes.PLATFORM',
       x => x === serverRequestTypes.PLATFORM,
     ),
     platform: tPlatform,
   }),
   tShape({
     ...threadInconsistencyReportValidatorShape,
     type: t.irreducible(
       'serverRequestTypes.THREAD_INCONSISTENCY',
       x => x === serverRequestTypes.THREAD_INCONSISTENCY,
     ),
   }),
   tShape({
     ...entryInconsistencyReportValidatorShape,
     type: t.irreducible(
       'serverRequestTypes.ENTRY_INCONSISTENCY',
       x => x === serverRequestTypes.ENTRY_INCONSISTENCY,
     ),
   }),
   tShape({
     type: t.irreducible(
       'serverRequestTypes.PLATFORM_DETAILS',
       x => x === serverRequestTypes.PLATFORM_DETAILS,
     ),
     platformDetails: tPlatformDetails,
   }),
   tShape({
     type: t.irreducible(
       'serverRequestTypes.CHECK_STATE',
       x => x === serverRequestTypes.CHECK_STATE,
     ),
     hashResults: t.dict(t.String, t.Boolean),
   }),
   tShape({
     type: t.irreducible(
       'serverRequestTypes.INITIAL_ACTIVITY_UPDATES',
       x => x === serverRequestTypes.INITIAL_ACTIVITY_UPDATES,
     ),
     activityUpdates: activityUpdatesInputValidator,
   }),
   tShape({
     type: t.irreducible(
       'serverRequestTypes.MORE_ONE_TIME_KEYS',
       x => x === serverRequestTypes.MORE_ONE_TIME_KEYS,
     ),
     keys: t.list(t.String),
   }),
   tShape({
     type: t.irreducible(
       'serverRequestTypes.SIGNED_IDENTITY_KEYS_BLOB',
       x => x === serverRequestTypes.SIGNED_IDENTITY_KEYS_BLOB,
     ),
     signedIdentityKeysBlob: signedIdentityKeysBlobValidator,
   }),
   tShape({
     type: t.irreducible(
       'serverRequestTypes.INITIAL_NOTIFICATIONS_ENCRYPTED_MESSAGE',
       x => x === serverRequestTypes.INITIAL_NOTIFICATIONS_ENCRYPTED_MESSAGE,
     ),
     initialNotificationsEncryptedMessage: t.String,
   }),
 ]);
 
 type StateCheckStatus =
   | { status: 'state_validated' }
   | { status: 'state_invalid', invalidKeys: $ReadOnlyArray<string> }
   | { status: 'state_check' };
 type ProcessClientResponsesResult = {
   serverRequests: ServerServerRequest[],
   stateCheckStatus: ?StateCheckStatus,
   activityUpdateResult: ?UpdateActivityResult,
 };
 async function processClientResponses(
   viewer: Viewer,
   clientResponses: $ReadOnlyArray<ClientResponse>,
 ): Promise<ProcessClientResponsesResult> {
   let viewerMissingPlatform = !viewer.platform;
   const { platformDetails } = viewer;
   let viewerMissingPlatformDetails =
     !platformDetails ||
     (isDeviceType(viewer.platform) &&
       (platformDetails.codeVersion === null ||
         platformDetails.codeVersion === undefined ||
         platformDetails.stateVersion === null ||
         platformDetails.stateVersion === undefined));
 
   const promises = [];
   let activityUpdates: Array<ActivityUpdate> = [];
   let stateCheckStatus = null;
   const clientSentPlatformDetails = clientResponses.some(
     response => response.type === serverRequestTypes.PLATFORM_DETAILS,
   );
   for (const clientResponse of clientResponses) {
     if (
       clientResponse.type === serverRequestTypes.PLATFORM &&
       !clientSentPlatformDetails
     ) {
       promises.push(setCookiePlatform(viewer, clientResponse.platform));
       viewerMissingPlatform = false;
       if (!isDeviceType(clientResponse.platform)) {
         viewerMissingPlatformDetails = false;
       }
     } else if (
       clientResponse.type === serverRequestTypes.THREAD_INCONSISTENCY
     ) {
       promises.push(recordThreadInconsistency(viewer, clientResponse));
     } else if (clientResponse.type === serverRequestTypes.ENTRY_INCONSISTENCY) {
       promises.push(recordEntryInconsistency(viewer, clientResponse));
     } else if (clientResponse.type === serverRequestTypes.PLATFORM_DETAILS) {
       promises.push(
         setCookiePlatformDetails(viewer, clientResponse.platformDetails),
       );
       viewerMissingPlatform = false;
       viewerMissingPlatformDetails = false;
     } else if (
       clientResponse.type === serverRequestTypes.INITIAL_ACTIVITY_UPDATES
     ) {
       activityUpdates = [...activityUpdates, ...clientResponse.activityUpdates];
     } else if (clientResponse.type === serverRequestTypes.CHECK_STATE) {
       const invalidKeys = [];
       for (const key in clientResponse.hashResults) {
         const result = clientResponse.hashResults[key];
         if (!result) {
           invalidKeys.push(key);
         }
       }
       stateCheckStatus =
         invalidKeys.length > 0
           ? { status: 'state_invalid', invalidKeys }
           : { status: 'state_validated' };
     } else if (clientResponse.type === serverRequestTypes.MORE_ONE_TIME_KEYS) {
       invariant(clientResponse.keys, 'keys expected in client response');
       ignorePromiseRejections(saveOneTimeKeys(viewer, clientResponse.keys));
     } else if (
       clientResponse.type === serverRequestTypes.SIGNED_IDENTITY_KEYS_BLOB
     ) {
       invariant(
         clientResponse.signedIdentityKeysBlob,
         'signedIdentityKeysBlob expected in client response',
       );
       const { signedIdentityKeysBlob } = clientResponse;
       const identityKeys: IdentityKeysBlob = JSON.parse(
         signedIdentityKeysBlob.payload,
       );
       const olmUtil = getOlmUtility();
       try {
         olmUtil.ed25519_verify(
           identityKeys.primaryIdentityPublicKeys.ed25519,
           signedIdentityKeysBlob.payload,
           signedIdentityKeysBlob.signature,
         );
         ignorePromiseRejections(
           setCookieSignedIdentityKeysBlob(
             viewer.cookieID,
             signedIdentityKeysBlob,
           ),
         );
       } catch (e) {
         continue;
       }
     } else if (
       clientResponse.type ===
       serverRequestTypes.INITIAL_NOTIFICATIONS_ENCRYPTED_MESSAGE
     ) {
       invariant(
         t.String.is(clientResponse.initialNotificationsEncryptedMessage),
         'initialNotificationsEncryptedMessage expected in client response',
       );
       const { initialNotificationsEncryptedMessage } = clientResponse;
       try {
-        await createOlmSession(
+        await createAndPersistOlmSession(
           initialNotificationsEncryptedMessage,
           'notifications',
           viewer.cookieID,
         );
       } catch (e) {
         continue;
       }
     }
   }
 
   const activityUpdatePromise: Promise<?UpdateActivityResult> = (async () => {
     if (activityUpdates.length === 0) {
       return undefined;
     }
     return await activityUpdater(viewer, { updates: activityUpdates });
   })();
 
   const serverRequests: Array<ServerServerRequest> = [];
 
   const checkOneTimeKeysPromise = (async () => {
     if (!viewer.loggedIn) {
       return;
     }
     const enoughOneTimeKeys = await checkIfSessionHasEnoughOneTimeKeys(
       viewer.session,
     );
     if (!enoughOneTimeKeys) {
       serverRequests.push({ type: serverRequestTypes.MORE_ONE_TIME_KEYS });
     }
   })();
 
   const { activityUpdateResult } = await promiseAll({
     all: Promise.all(promises),
     activityUpdateResult: activityUpdatePromise,
     checkOneTimeKeysPromise,
   });
 
   if (
     !stateCheckStatus &&
     viewer.loggedIn &&
     viewer.sessionLastValidated + sessionCheckFrequency < Date.now()
   ) {
     stateCheckStatus = { status: 'state_check' };
   }
 
   if (viewerMissingPlatform) {
     serverRequests.push({ type: serverRequestTypes.PLATFORM });
   }
   if (viewerMissingPlatformDetails) {
     serverRequests.push({ type: serverRequestTypes.PLATFORM_DETAILS });
   }
   return { serverRequests, stateCheckStatus, activityUpdateResult };
 }
 
 async function recordThreadInconsistency(
   viewer: Viewer,
   response: ThreadInconsistencyClientResponse,
 ): Promise<void> {
   const { type, ...rest } = response;
   const reportCreationRequest = ({
     ...rest,
     type: reportTypes.THREAD_INCONSISTENCY,
   }: ThreadInconsistencyReportCreationRequest);
   await createReport(viewer, reportCreationRequest);
 }
 
 async function recordEntryInconsistency(
   viewer: Viewer,
   response: EntryInconsistencyClientResponse,
 ): Promise<void> {
   const { type, ...rest } = response;
   const reportCreationRequest = ({
     ...rest,
     type: reportTypes.ENTRY_INCONSISTENCY,
   }: EntryInconsistencyReportCreationRequest);
   await createReport(viewer, reportCreationRequest);
 }
 
 type SessionInitializationResult =
   | { sessionContinued: false }
   | {
       sessionContinued: true,
       deltaEntryInfoResult: DeltaEntryInfosResponse,
       sessionUpdate: SessionUpdate,
     };
 async function initializeSession(
   viewer: Viewer,
   calendarQuery: CalendarQuery,
   oldLastUpdate: number,
 ): Promise<SessionInitializationResult> {
   if (!viewer.loggedIn) {
     return { sessionContinued: false };
   }
 
   if (!viewer.hasSessionInfo) {
     // If the viewer has no session info but is logged in, that is indicative
     // of an expired / invalidated session and we should generate a new one
     await setNewSession(viewer, calendarQuery, oldLastUpdate);
     return { sessionContinued: false };
   }
 
   if (oldLastUpdate < viewer.sessionLastUpdated) {
     // If the client has an older last_update than the server is tracking for
     // that client, then the client either had some issue persisting its store,
     // or the user restored the client app from a backup. Either way, we should
     // invalidate the existing session, since the server has assumed that the
     // checkpoint is further along than it is on the client, and might not still
     // have all of the updates necessary to do an incremental update
     await setNewSession(viewer, calendarQuery, oldLastUpdate);
     return { sessionContinued: false };
   }
 
   let comparisonResult = null;
   try {
     comparisonResult = compareNewCalendarQuery(viewer, calendarQuery);
   } catch (e) {
     if (e.message !== 'unknown_error') {
       throw e;
     }
   }
 
   if (comparisonResult) {
     const { difference, oldCalendarQuery } = comparisonResult;
     const sessionUpdate = {
       ...comparisonResult.sessionUpdate,
       lastUpdate: oldLastUpdate,
     };
     const deltaEntryInfoResult = await fetchEntriesForSession(
       viewer,
       difference,
       oldCalendarQuery,
     );
     return { sessionContinued: true, deltaEntryInfoResult, sessionUpdate };
   } else {
     await setNewSession(viewer, calendarQuery, oldLastUpdate);
     return { sessionContinued: false };
   }
 }
 
 type StateCheckResult = {
   sessionUpdate?: SessionUpdate,
   checkStateRequest?: ServerCheckStateServerRequest,
 };
 async function checkState(
   viewer: Viewer,
   status: StateCheckStatus,
 ): Promise<StateCheckResult> {
   if (status.status === 'state_validated') {
     return { sessionUpdate: { lastValidated: Date.now() } };
   } else if (status.status === 'state_check') {
     const promises = Object.fromEntries(
       values(serverStateSyncSpecs).map(spec => [
         spec.hashKey,
         (async () => {
           if (
             !hasMinCodeVersion(viewer.platformDetails, {
               native: 267,
               web: 32,
             })
           ) {
             const data = await spec.fetch(viewer);
             return hash(data);
           }
           const infosHash = await spec.fetchServerInfosHash(viewer);
           return infosHash;
         })(),
       ]),
     );
     const hashesToCheck = await promiseAll(promises);
     const checkStateRequest = {
       type: serverRequestTypes.CHECK_STATE,
       hashesToCheck,
     };
     return { checkStateRequest };
   }
 
   const invalidKeys = new Set(status.invalidKeys);
 
   const shouldFetchAll = Object.fromEntries(
     values(serverStateSyncSpecs).map(spec => [
       spec.hashKey,
       invalidKeys.has(spec.hashKey),
     ]),
   );
   const idsToFetch = Object.fromEntries(
     values(serverStateSyncSpecs)
       .filter(spec => spec.innerHashSpec?.hashKey)
       .map(spec => [spec.innerHashSpec?.hashKey, new Set<string>()]),
   );
   for (const key of invalidKeys) {
     const [innerHashKey, id] = key.split('|');
     if (innerHashKey && id) {
       idsToFetch[innerHashKey]?.add(id);
     }
   }
 
   const fetchPromises: { [string]: Promise<mixed> } = {};
   for (const spec of values(serverStateSyncSpecs)) {
     if (shouldFetchAll[spec.hashKey]) {
       fetchPromises[spec.hashKey] = spec.fetch(viewer);
     } else if (idsToFetch[spec.innerHashSpec?.hashKey]?.size > 0) {
       fetchPromises[spec.hashKey] = spec.fetch(
         viewer,
         idsToFetch[spec.innerHashSpec?.hashKey],
       );
     }
   }
   const fetchedData = await promiseAll(fetchPromises);
 
   const specPerHashKey = Object.fromEntries(
     values(serverStateSyncSpecs).map(spec => [spec.hashKey, spec]),
   );
   const specPerInnerHashKey = Object.fromEntries(
     values(serverStateSyncSpecs)
       .filter(spec => spec.innerHashSpec?.hashKey)
       .map(spec => [spec.innerHashSpec?.hashKey, spec]),
   );
   const hashesToCheck: { [string]: number } = {},
     failUnmentioned: { [string]: boolean } = {},
     stateChanges: { [string]: mixed } = {};
   for (const key of invalidKeys) {
     const spec = specPerHashKey[key];
     const innerHashKey = spec?.innerHashSpec?.hashKey;
     const isTopLevelKey = !!spec;
     if (isTopLevelKey && innerHashKey) {
       // Instead of returning all the infos, we want to narrow down and figure
       // out which infos don't match first
       const infos = fetchedData[key];
       // We have a type error here because in fact the relationship between
       // Infos and Info is not guaranteed to be like this. In particular,
       // currentUserStateSyncSpec does not match this pattern. But this code
       // doesn't fire for it because no innerHashSpec is defined
       const iterableInfos: { +[string]: mixed } = (infos: any);
       for (const infoID in iterableInfos) {
         let hashValue;
         if (
           hasMinCodeVersion(viewer.platformDetails, {
             native: 267,
             web: 32,
           })
         ) {
           // We have a type error here because Flow has no way to determine that
           // spec and infos are matched up
           hashValue = spec.getServerInfoHash((iterableInfos[infoID]: any));
         } else {
           hashValue = hash(iterableInfos[infoID]);
         }
         hashesToCheck[`${innerHashKey}|${infoID}`] = hashValue;
       }
       failUnmentioned[key] = true;
     } else if (isTopLevelKey) {
       stateChanges[key] = fetchedData[key];
     } else {
       const [keyPrefix, id] = key.split('|');
       const innerSpec = specPerInnerHashKey[keyPrefix];
       const innerHashSpec = innerSpec?.innerHashSpec;
       if (!innerHashSpec || !id) {
         continue;
       }
       const infos = fetchedData[innerSpec.hashKey];
       // We have a type error here because in fact the relationship between
       // Infos and Info is not guaranteed to be like this. In particular,
       // currentUserStateSyncSpec does not match this pattern. But this code
       // doesn't fire for it because no innerHashSpec is defined
       const iterableInfos: { +[string]: mixed } = (infos: any);
       const info = iterableInfos[id];
       // We have a type error here because Flow wants us to type iterableInfos
       // in this file, but we don't have access to the parameterization of
       // innerHashSpec here
       if (!info || innerHashSpec.additionalDeleteCondition?.((info: any))) {
         if (!stateChanges[innerHashSpec.deleteKey]) {
           stateChanges[innerHashSpec.deleteKey] = [id];
         } else {
           // We have a type error here because in fact stateChanges values
           // aren't always arrays. In particular, currentUserStateSyncSpec does
           // not match this pattern. But this code doesn't fire for it because
           // no innerHashSpec is defined
           const curDeleteKeyChanges: Array<mixed> = (stateChanges[
             innerHashSpec.deleteKey
           ]: any);
           curDeleteKeyChanges.push(id);
         }
         continue;
       }
       if (!stateChanges[innerHashSpec.rawInfosKey]) {
         stateChanges[innerHashSpec.rawInfosKey] = [info];
       } else {
         // We have a type error here because in fact stateChanges values aren't
         // always arrays. In particular, currentUserStateSyncSpec does not match
         // this pattern. But this code doesn't fire for it because no
         // innerHashSpec is defined
         const curRawInfosKeyChanges: Array<mixed> = (stateChanges[
           innerHashSpec.rawInfosKey
         ]: any);
         curRawInfosKeyChanges.push(info);
       }
     }
   }
 
   // We have a type error here because the keys that get set on some of these
   // collections aren't statically typed when they're set. Rather, they are set
   // as arbitrary strings
   const checkStateRequest: ServerCheckStateServerRequest = ({
     type: serverRequestTypes.CHECK_STATE,
     hashesToCheck,
     failUnmentioned,
     stateChanges,
   }: any);
   if (Object.keys(hashesToCheck).length === 0) {
     return { checkStateRequest, sessionUpdate: { lastValidated: Date.now() } };
   } else {
     return { checkStateRequest };
   }
 }
 
 export {
   clientResponseInputValidator,
   processClientResponses,
   initializeSession,
   checkState,
 };