public ClientSession getClientSession(String activationToken) {
    if (!StringUtils.hasValue(activationToken)) {
      m_logCategory.warn("activationToken is required");
      return null;
    }

    File file = getSessionFile(activationToken);
    if (!file.exists()) {
      // Can't assume it's an authentication problem -- session file is removed
      // during active->recovery transition.
      // If this occurs, the client gets a 401 and will call into 'transition' or 'checkin'.
      LogMessageGen lmg = new LogMessageGen();
      lmg.setSubject("Session file not found");
      lmg.param(LoggingConsts.FILENAME, file.getAbsolutePath());
      m_logCategory.info(lmg.toString());
      return null;
    }
    try {
      ClientSession clientSession = null;
      clientSession = new ClientSession();
      clientSession.read(file);
      clientSession.setActivationToken(activationToken);
      return clientSession;
    } catch (IOException ioe) {
      // Possible if the state file was removed after the file.exists() above,
      // or some other problem.
      // info, not warning because a client could ask for this file right when
      // the session is being removed.  The client will then do a 'checkin',
      // same as described above.
      LogMessageGen lmg = new LogMessageGen();
      lmg.setSubject("Unable to read session file");
      lmg.param(LoggingConsts.FILENAME, file.getAbsolutePath());
      m_logCategory.info(lmg.toString(), ioe);
    }
    return null;
  }
  public ClientSession createClientSession(IClientInfo client, String clientType) {

    // Both OE and BB share the session file.  Don't stomp an existing file.
    if (client == null || !client.isConfigured()) {
      throw new IllegalStateException("Client not configured.");
    }

    clientType = clientType == null ? "" : clientType;

    ClientSession session = null;
    String tmpName = null;
    String targetName = null;
    try {
      File targetFile = getSessionFile(client.getLastActivationToken());
      targetName = targetFile.getAbsolutePath();
      if (targetFile.exists()) {
        session = new ClientSession();
        session.read(targetFile);
        if (session.getLastActivationId() != client.getLastActivationId()
            || session.getUserId() != client.getUserId()) {
          // Existing session file found but it's clearly not ours.
          // A hash collision is improbable.  If this occurs, its more likely to be a
          // bug.  We can't safely rewrite the session file because another client
          // might later call getClientSession() and read our email.
          // This is a support concern.
          LogMessageGen lmg = new LogMessageGen();
          lmg.setSubject("Found existing session, but the content is unexpected.");
          lmg.param(LoggingConsts.FILENAME, targetFile.getAbsolutePath());
          m_logCategory.error(lmg.toString());
          throw new ClientServiceException("");
        }
        session.setActivationToken(client.getLastActivationToken());
      } // targetFile already found.

      if (session == null) {
        UserAccount user = m_userService.getUserAccount(client.getCustomerId(), client.getUserId());
        session = client.createSession(user);

        // What if the BB and OE create a session at the same time?
        // This ensures a unique filename.
        // The client who does the last renameTo() below wins the race
        // and that becomes the common session file.

        tmpName = targetFile.getAbsolutePath() + "_tmp_" + clientType;
        File tmpFile = new File(tmpName);
        session.write(tmpFile);

        // If 'targetFile' already exists it'll get clobbered.
        // Makes the session targetFile generation atomic.
        boolean ok = FileUtils.clobberingRename(tmpFile, targetFile);
        if (!ok) {
          throw new IOException("Rename failed");
        }
      } // need to create session.
    } catch (Exception ex) {
      if (ex instanceof ClientServiceException) {
        // We already logged it.
        throw (ClientServiceException) ex;
      }
      LogMessageGen lmg = new LogMessageGen();
      lmg.setSubject("Unable to generate session file.");
      lmg.param(LoggingConsts.USER_ID, client.getUserId());
      lmg.param(LoggingConsts.TEMP_NAME, tmpName);
      lmg.param(LoggingConsts.FILENAME, targetName);

      m_logCategory.error(lmg.toString(), ex);
      throw new ClientServiceException("");
    }
    return session;
  }