diff --git a/.gitignore b/.gitignore
index 3e15c5f..d840e32 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@
 /note-data/*
 /logs/*
 /node_modules/*
+/tmp/*
+.vimrc
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..57aff83
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM node:6.10.0-slim
+
+EXPOSE 3000
+
+RUN mkdir -p /usr/src/app
+WORKDIR /usr/src/app
+RUN mkdir -p /usr/src/app/db
+VOLUME ["/usr/src/app/db"]
+
+RUN npm install -g nodemon
+RUN apt-get update && apt-get install -y vim git
+COPY .vimrc /root/.vimrc
+
+COPY package.json /usr/src/app/
+COPY . /usr/src/app
+RUN npm install
+
+# Use nodemon to start app.
+CMD [ "nodemon" ]
diff --git a/nodemon.json b/nodemon.json
new file mode 100644
index 0000000..56fa7fa
--- /dev/null
+++ b/nodemon.json
@@ -0,0 +1,7 @@
+{
+    "ignore": [
+        "tmp/*",
+        "db/*",
+        "logs/*"
+    ]
+}
diff --git a/package.json b/package.json
index 8810d20..6ac8fec 100644
--- a/package.json
+++ b/package.json
@@ -3,20 +3,14 @@
   "version": "0.0.1",
   "dependencies": {
     "body-parser": "^1.12.4",
-    "connect-ensure-login": "^0.1.1",
-    "cookie-parser": "^1.4.3",
-    "express": "^4.12.4",
-    "express-hbs": "^0.8.4",
+    "express": "=4.15.2",
     "express-session": "^1.13.0",
-    "handlebars-form-helpers": "^0.1.3",
-    "moment-timezone": "^0.4.0",
-    "nodemailer": "^1.3.4",
     "passport": "^0.3.2",
     "passport-local": "^1.0.0",
-    "pg": "^4.4.3",
     "serve-favicon": "^2.3.0",
+    "session-file-store": "^1.0.0",
     "socket.io": "^1.5.1",
-    "sqlite3": "^3.0.8",
+    "socket.io-express-session": "^0.1.3",
     "winston": "^2.1.1"
   },
   "scripts": {
diff --git a/server.js b/server.js
index ab81ce0..f2c8ec9 100644
--- a/server.js
+++ b/server.js
@@ -9,7 +9,7 @@ var fileSystem = require('fs');
 var notePath = __dirname + '/note-data/allNotes.txt';
 var favicon = require('serve-favicon');
 app.use(favicon(__dirname + '/assets/favicon.ico'));  // Put this before setting static dir.
-app.use(express.static('assets'));
+app.use(express.static(__dirname + '/assets'));
 
 /*-----------------------------------------
 Ordering of these configs is important, don't shuffle them around.
@@ -17,13 +17,12 @@ Ordering of these configs is important, don't shuffle them around.
 var passport = require('passport');
 var Strategy = require('passport-local').Strategy;
 var db = require('./db');
-var cookieParser = require('cookie-parser');
-app.use(cookieParser());
-var sessionStore = new require('express-session').MemoryStore();
-var session = require('express-session')({ secret: 'here kitty kitty', resave: false, saveUninitialized: false, store: sessionStore });
+var Session = require('express-session');
+var SessionStore = require('session-file-store')(Session);
+var session = Session({ secret: 'here kitty kitty', resave: false, saveUninitialized: false, store: new SessionStore({path: __dirname+'/tmp/sessions'}) });
 app.use(session);
-//----------------------------
 
+//----------------------------
 // Configure the local strategy for use by Passport.
 // The local strategy require a `verify` function which receives the credentials
 // (`username` and `password`) submitted by the user.  The function must verify
@@ -39,6 +38,7 @@ passport.use(new Strategy(
       return cb(null, user);
     });
   }));
+
 // Configure Passport authenticated session persistence.
 //
 // In order to restore authentication state across HTTP requests, Passport needs
@@ -74,12 +74,12 @@ var isAuthenticated = function (req, res, next) {
 app.get('/', isAuthenticated, function(req, res){
     winston.info("GET /");
     // Respond with static file, contents will be loaded via websocket.
-    res.sendFile(__dirname +'/views/index.html');
+    res.sendFile('index.html', { root: __dirname + '/views/' });
 });
 
 app.get('/login', function(req, res){
     winston.info('GET /login');
-    res.sendFile(__dirname +'/views/login.html');
+    res.sendFile('login.html', { root: __dirname + '/views/' });
 });
   
 app.post('/login', 
@@ -96,6 +96,37 @@ app.get('/logout', function(req, res){
 
 var http = require('http').Server(app);
 var io = require('socket.io')(http);
+
+//io.set('authorization', function (handshakeData, accept) {
+    //if (handshakeData.headers.cookie) {
+	//if (handshakeData.headers.cookie) {
+            //winston.info('cookie object test, ' + handshakeData.headers.cookie);
+	    //winston.info('parse test 1, ' + cookieParser.signedCookies(handshakeData.headers.cookie, 'here kitty kitty'));
+	    //winston.info('parse test 2, ' + cookieParser.signedCookie(handshakeData.headers.cookie['connect.sid'], 'here kitty kitty'));
+	    //winston.info('parse test 3, ' + cookieParser.signedCookie(handshakeData.headers.cookie, 'here kitty kitty'));
+	    //handshakeData.sessionID = cookieParser.signedCookie(handshakeData.headers.cookie['connect.sid'], 'here kitty kitty');
+            //winston.info('sess test 1, ' + session);  // this prints alot!
+            //winston.info('sess test 2, ' + session.id);  // undefined
+            //winston.info('Got session ID = ' + handshakeData.sessionID);  // undefined
+	    // save the session store to the data object 
+	    // (as required by the Session constructor)
+	    //handshakeData.sessionStore = session.store;
+	    //session.store.get(handshakeData.sessionID, function (err, session) {
+		//if (err || !session) {
+		    //accept('Error', false);
+		//} else {
+		    // create a session object, passing data as request and our
+		    // just acquired session data
+		    //handshakeData.session = new Session(handshakeData, session);
+		    //accept(null, true);
+		//}
+	    //});
+	//} else {
+	    //return accept('No cookie transmitted.', false);
+	//}
+    //}
+//});
+
 io.on('connection', function(socket){
     //winston.info('a user connected');
     fileSystem.readFile(notePath, {encoding: 'utf-8'}, function(err,data){
@@ -122,15 +153,14 @@ io.on('connection', function(socket){
                         git checkout master && \
                         git merge ${now}
                     `;
-                    winston.info(cmd);
+                    //winston.info(cmd);
                     exec(cmd, function(error, stdout, stderr) {
                         if (error) { winston.error(error); }
                         if (!stdout.includes('CONFLICT')) {   // Case-sensitivity seems brittle here. Better to check return code rather than stdout? Can child_process be called w/signature to include return code?
                             var cmd2 = `cd note-data && git branch -d ${now}`
                             exec(cmd2, function(error, stdout, stderr) {
                                 if (error) { winston.error(error); }
-                                winston.info('temp branch deleted sucessfully');
-                                winston.info('new contents from client written to allNotes.txt');
+                                winston.info('temp branch deleted; new content written to allNotes.txt');
                                 // Send new content to all other clients EXCEPT the orig sender.
                                 socket.broadcast.emit('download allNotes',msg);
                                 winston.info('sent content update to other clients');