diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
index 9446836d5..6546faf64 100644
--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 
     <name>webgoat-container</name>
     <modelVersion>4.0.0</modelVersion>
@@ -112,6 +113,41 @@
             </resource>
         </resources>
         <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>${maven-jar-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>create-jar</id>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <version>${build-helper-maven-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>attach-artifacts</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>attach-artifact</goal>
+                        </goals>
+                        <configuration>
+                            <artifacts>
+                                <artifact>
+                                    <file>${project.build.directory}/webgoat-container-${project.version}.jar</file>
+                                </artifact>
+                            </artifacts>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
@@ -133,20 +169,6 @@
                     <encoding>ISO-8859-1</encoding>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <version>${maven-jar-plugin.version}</version>
-                <executions>
-                    <execution>
-                        <id>create-jar</id>
-                        <phase>compile</phase>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
@@ -160,6 +182,21 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                        <configuration>
+                            <requiresUnpack>
+                                <dependency>
+                                    <groupId>org.thymeleaf.extra</groupId>
+                                    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
+                                </dependency>
+                            </requiresUnpack>
+                        </configuration>
+                    </execution>
+                </executions>
             </plugin>
         </plugins>
     </build>
@@ -184,10 +221,14 @@
             <optional>true</optional>
         </dependency>
         <!--<dependency>-->
-            <!--<groupId>org.springframework.boot</groupId>-->
-            <!--<artifactId>spring-boot-devtools</artifactId>-->
-            <!--<optional>true</optional>-->
+        <!--<groupId>org.springframework.boot</groupId>-->
+        <!--<artifactId>spring-boot-devtools</artifactId>-->
+        <!--<optional>true</optional>-->
         <!--</dependency>-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-loader</artifactId>
+        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>jstl</artifactId>
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
index 144899c78..e8f2cb828 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
@@ -8,10 +8,8 @@ import org.owasp.webgoat.session.ErrorScreen;
 import org.owasp.webgoat.session.Screen;
 import org.owasp.webgoat.session.UserTracker;
 import org.owasp.webgoat.session.WebSession;
-import org.owasp.webgoat.session.WebgoatContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.core.io.ClassPathResource;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
@@ -62,42 +60,18 @@ import java.util.TimeZone;
  */
 public class HammerHead extends HttpServlet {
 
-    final Logger logger = LoggerFactory.getLogger(HammerHead.class);
-
-
-    /**
-     *
-     */
     private static final long serialVersionUID = 645640331343188020L;
+    private static SimpleDateFormat httpDateFormat;
+    private final Logger logger = LoggerFactory.getLogger(HammerHead.class);
+    private WebSession webSession;
 
-    /**
-     * Description of the Field
-     */
-    protected static SimpleDateFormat httpDateFormat;
-
-    /**
-     * Set the session timeout to be 2 days
-     */
-    private final static int sessionTimeoutSeconds = 60 * 60 * 24 * 2;
-
-    // private final static int sessionTimeoutSeconds = 1;
-    /**
-     * Properties file path
-     */
-    public static String propertiesPath = null;
-
-    /**
-     * provides convenience methods for getting setup information from the
-     * ServletContext
-     */
-    private WebgoatContext webgoatContext = null;
-
-    public HammerHead(WebgoatContext context) {
-        this.webgoatContext = context;
+    public HammerHead() {
+        //for catcher subclass
     }
 
-    //TODO_NB
-    public HammerHead() {}
+    public HammerHead(WebSession webSession) {
+        this.webSession = webSession;
+    }
 
     /**
      * {@inheritDoc}
@@ -250,7 +224,6 @@ public class HammerHead extends HttpServlet {
         logger.info("Initializing main webgoat servlet");
         httpDateFormat = new SimpleDateFormat("EEE, dd MMM yyyyy HH:mm:ss z", Locale.US);
         httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
-        propertiesPath = new ClassPathResource("/WEB-INF/webgoat.properties").getPath();
     }
 
     /**
@@ -348,25 +321,6 @@ public class HammerHead extends HttpServlet {
         return (screen);
     }
 
-    /**
-     * This method sets the required expiration headers in the response for a
-     * given RunData object. This method attempts to set all relevant headers,
-     * both for HTTP 1.0 and HTTP 1.1.
-     *
-     * @param response The new cacheHeaders value
-     * @param expiry The new cacheHeaders value
-     */
-    protected static void setCacheHeaders(HttpServletResponse response, int expiry) {
-        if (expiry == 0) {
-            response.setHeader("Pragma", "no-cache");
-            response.setHeader("Cache-Control", "no-cache");
-            response.setHeader("Expires", formatHttpDate(new Date()));
-        } else {
-            Date expiryDate = new Date(System.currentTimeMillis() + expiry);
-            response.setHeader("Expires", formatHttpDate(expiryDate));
-        }
-    }
-
     /**
      * Description of the Method
      *
@@ -382,10 +336,11 @@ public class HammerHead extends HttpServlet {
         // session should already be created by spring security
         hs = request.getSession(false);
 
+        //TODO rewrite this logic
         logger.debug("HH Entering Session_id: " + hs.getId());
         // dumpSession( hs );
         // Get our session object out of the HTTP session
-        WebSession session = null;
+        WebSession session = this.webSession;
         Object o = hs.getAttribute(WebSession.SESSION);
 
         if ((o != null) && o instanceof WebSession) {
@@ -394,13 +349,11 @@ public class HammerHead extends HttpServlet {
         } else {
             // Create new custom session and save it in the HTTP session
             logger.warn("HH Creating new WebSession");
-            session = new WebSession(webgoatContext, context);
             // Ensure splash screen shows on any restart
             // rlawson - removed this since we show splash screen at login now
             //hs.removeAttribute(WELCOMED);
+            //@TODO NO NEED TO PUT IN THE HTTP SESSION, FOCUS WILL FIX LATER
             hs.setAttribute(WebSession.SESSION, session);
-            // reset timeout
-            hs.setMaxInactiveInterval(sessionTimeoutSeconds);
         }
 
         session.update(request, response, this.getServletName());
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
index 1075e6c3d..208e900ba 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
@@ -1,18 +1,17 @@
 package org.owasp.webgoat;
 
 import org.owasp.webgoat.session.LabelDebugger;
-import org.owasp.webgoat.session.WebgoatContext;
+import org.owasp.webgoat.session.WebSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.context.embedded.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
 import java.io.File;
-import java.io.IOException;
 
 /**
  *
@@ -20,10 +19,15 @@ import java.io.IOException;
 @Configuration
 public class MvcConfiguration extends WebMvcConfigurerAdapter {
 
+    @Autowired
+    @Qualifier("pluginTargetDirectory")
+    private File pluginTargetDirectory;
+
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/login").setViewName("login");
         registry.addViewController("/lesson_content").setViewName("lesson_content");
+        registry.addViewController("/start.mvc").setViewName("main_new");
     }
 
     @Bean
@@ -33,23 +37,15 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
 
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
-        try {
-            File pluginsDir = resource.getFile().getParentFile();
-            registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginsDir.toString() + "/");
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
-
+        registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginTargetDirectory.toString() + "/");
     }
 
     @Bean
-    public HammerHead hammerHead(WebgoatContext context) {
-        return new HammerHead(context);
+    public HammerHead hammerHead(WebSession webSession) {
+        return new HammerHead(webSession);
     }
 
     @Bean
-    //@Scope(value= WebApplicationContext.SCOPE_SESSION)
     public LabelDebugger labelDebugger() {
         return new LabelDebugger();
     }
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
index 013f464a2..615cc4122 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
@@ -1,11 +1,25 @@
 package org.owasp.webgoat;
 
+import org.owasp.webgoat.plugins.PluginsLoader;
+import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.WebgoatContext;
+import org.owasp.webgoat.session.WebgoatProperties;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.context.web.SpringBootServletInitializer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.context.annotation.Scope;
+import org.springframework.context.annotation.ScopedProxyMode;
+
+import javax.servlet.ServletContext;
+import java.io.File;
 
 @SpringBootApplication
+@PropertySource("classpath:/webgoat.properties")
 public class WebGoat extends SpringBootServletInitializer {
 
     @Override
@@ -17,28 +31,31 @@ public class WebGoat extends SpringBootServletInitializer {
         SpringApplication.run(WebGoat.class, args);
     }
 
-//    @Bean
-//    @Autowired
-//    public TomcatEmbeddedServletContainerFactory servletContainer(final JarScanner jarScanner) {
-//        TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
-//        factory.setPort(80);
-//        factory.setSessionTimeout(10, TimeUnit.MINUTES);
-//        factory.addContextCustomizers(new TomcatContextCustomizer() {
-//            @Override
-//            public void customize(Context context) {
-//
-//                context.setJarScanner(jarScanner);
-//            }
-//        });
-//        return factory;
-//    }
-//
-//    @Bean
-//    public JarScanner getJarScanner() {
-//        StandardJarScanner jarScanner = new StandardJarScanner();
-//        jarScanner.setScanClassPath(true);
-//        return jarScanner;
-//    }
+    @Bean(name = "pluginTargetDirectory")
+    public File pluginTargetDirectory() {
+        File tempDir = com.google.common.io.Files.createTempDir();
+        tempDir.deleteOnExit();
+        return tempDir;
+    }
 
+    @Bean
+    public PluginsLoader pluginsLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory) {
+        System.out.println("Plugin target directory: " + pluginTargetDirectory.toString());
+        return new PluginsLoader(pluginTargetDirectory);
+    }
 
+    @Bean
+    @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
+    public WebSession webSession(Course course, WebgoatContext webgoatContext, ServletContext context) {
+        return new WebSession(course, webgoatContext, context);
+    }
+
+    @Bean
+    public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context,
+                         WebgoatProperties webgoatProperties) {
+        Course course = new Course(webgoatProperties);
+        course.loadCourses(webgoatContext, context, "/");
+        course.loadLessonFromPlugin(pluginsLoader.loadPlugins());
+        return course;
+    }
 }
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/application/Application.java b/webgoat-container/src/main/java/org/owasp/webgoat/application/Application.java
deleted file mode 100644
index b9667b0c8..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/application/Application.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.owasp.webgoat.application;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.builder.ToStringBuilder;
-
-/**
- * Singleton which is created on context startup
- *
- * @author rlawson
- * @version $Id: $Id
- */
-//TODO_NB still necessary?
-public class Application {
-
-    private static final Application INSTANCE = new Application();
-
-    private Application() {
-
-    }
-
-    /**
-     * <p>getInstance.</p>
-     *
-     * @return a {@link org.owasp.webgoat.application.Application} object.
-     */
-    public static final Application getInstance() {
-        return INSTANCE;
-    }
-
-    private String version = "SNAPSHOT";
-    private String build = "local";
-    private String name = "WebGoat";
-
-    /**
-     * <p>Getter for the field <code>version</code>.</p>
-     *
-     * @return the version
-     */
-    public String getVersion() {
-        return version;
-    }
-
-    /**
-     * <p>Setter for the field <code>version</code>.</p>
-     *
-     * @param version the version to set
-     */
-    public void setVersion(String version) {
-        if (StringUtils.isNotBlank(version)) {
-            this.version = version;
-        }
-    }
-
-    /**
-     * <p>Getter for the field <code>build</code>.</p>
-     *
-     * @return the build
-     */
-    public String getBuild() {
-        return build;
-    }
-
-    /**
-     * <p>Setter for the field <code>build</code>.</p>
-     *
-     * @param build the build to set
-     */
-    public void setBuild(String build) {
-        if (StringUtils.isNotBlank(build)) {
-            this.build = build;
-        }
-    }
-
-    /**
-     * <p>Getter for the field <code>name</code>.</p>
-     *
-     * @return the name
-     */
-    public String getName() {
-        return name;
-    }
-
-    /**
-     * <p>Setter for the field <code>name</code>.</p>
-     *
-     * @param name the name to set
-     */
-    public void setName(String name) {
-        if (StringUtils.isNotBlank(name)) {
-            this.name = name;
-        }
-    }
-
-    /** {@inheritDoc} */
-    @Override
-    public String toString() {
-        return new ToStringBuilder(this).
-                append("name", name).
-                append("version", version).
-                append("build", build).
-                toString();
-    }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java b/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java
index 76f41f176..2e202c812 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java
@@ -6,7 +6,6 @@
 package org.owasp.webgoat.application;
 
 import org.owasp.webgoat.lessons.LessonServletMapping;
-import org.owasp.webgoat.plugins.PluginsLoader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.config.BeanDefinition;
@@ -17,16 +16,11 @@ import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
 import javax.servlet.ServletRegistration;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Paths;
 import java.sql.Driver;
 import java.sql.DriverManager;
 import java.sql.SQLException;
 import java.util.Enumeration;
 import java.util.Set;
-import java.util.jar.Attributes;
-import java.util.jar.Manifest;
 
 /**
  * Web application lifecycle listener.
@@ -43,10 +37,7 @@ public class WebGoatServletListener implements ServletContextListener {
     public void contextInitialized(ServletContextEvent sce) {
         ServletContext context = sce.getServletContext();
         context.log("WebGoat is starting");
-        setApplicationVariables(context);
         context.log("Adding extra mappings for lessions");
-
-        loadPlugins(sce);
         loadServlets(sce);
     }
 
@@ -68,12 +59,6 @@ public class WebGoatServletListener implements ServletContextListener {
         }
     }
 
-    private void loadPlugins(ServletContextEvent sce) {
-        String pluginPath = sce.getServletContext().getRealPath("plugin_lessons");
-        String targetPath = sce.getServletContext().getRealPath("plugin_extracted");
-        new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins();
-    }
-
     /** {@inheritDoc} */
     @Override
     public void contextDestroyed(ServletContextEvent sce) {
@@ -101,21 +86,4 @@ public class WebGoatServletListener implements ServletContextListener {
             }
         }
     }
-
-    private void setApplicationVariables(ServletContext context) {
-        Application app = Application.getInstance();
-        try {
-            InputStream inputStream = context.getResourceAsStream("/META-INF/MANIFEST.MF");
-            Manifest manifest = new Manifest(inputStream);
-            Attributes attr = manifest.getMainAttributes();
-            String name = attr.getValue("Specification-Title");
-            String version = attr.getValue("Specification-Version");
-            String build = attr.getValue("Implementation-Version");
-            app.setName(name);
-            app.setVersion(version);
-            app.setBuild(build);
-        } catch (IOException ioe) {
-            context.log("Error setting application variables", ioe);
-        }
-    }
 }
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Start.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/Start.java
deleted file mode 100644
index d2a645d37..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Start.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.owasp.webgoat.controller;
-
-import org.apache.commons.lang3.StringUtils;
-import org.owasp.webgoat.application.Application;
-import org.owasp.webgoat.session.WebSession;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.util.Collection;
-
-/**
- * <p>Start class.</p>
- *
- * @author rlawson
- * @version $Id: $Id
- */
-@Controller
-public class Start {
-
-    final Logger logger = LoggerFactory.getLogger(Start.class);
-
-    private static final String WELCOMED = "welcomed";
-
-    @Autowired
-    private ServletContext servletContext;
-
-    /**
-     * <p>start.</p>
-     *
-     * @param request a {@link javax.servlet.http.HttpServletRequest} object.
-     * @return a {@link org.springframework.web.servlet.ModelAndView} object.
-     */
-    @RequestMapping(path = "start.mvc", method = {RequestMethod.GET, RequestMethod.POST})
-    public ModelAndView start(HttpServletRequest request) {
-
-        ModelAndView model = new ModelAndView();
-        // make sure session is set up correctly
-        // if not redirect user to login
-        if (checkWebSession(request.getSession()) == false) {
-            model.setViewName("redirect:/login.mvc");
-            return model;
-        }
-        String role = getRole();
-        String user = request.getUserPrincipal().getName();
-        model.addObject("role", role);
-        model.addObject("user", user);
-
-        String contactEmail = servletContext.getInitParameter("email");
-        model.addObject("contactEmail", contactEmail);
-        String emailList = servletContext.getInitParameter("emaillist");
-        model.addObject("emailList", emailList);
-
-        Application app = Application.getInstance();
-        logger.info("Setting application properties: " + app);
-        model.addObject("version", app.getVersion());
-        model.addObject("build", app.getBuild());
-
-        // if everything ok then go to webgoat UI
-        model.setViewName("main_new");
-        return model;
-    }
-
-    private String getRole() {
-        Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
-        String role = "N/A";
-        for (GrantedAuthority authority : authorities) {
-            authority.getAuthority();
-            role = authority.getAuthority();
-            role = StringUtils.lowerCase(role);
-            role = StringUtils.remove(role, "role_");
-            break;
-        }
-        return role;
-    }
-
-    /**
-     * <p>checkWebSession.</p>
-     *
-     * @param session a {@link javax.servlet.http.HttpSession} object.
-     * @return a boolean.
-     */
-    public boolean checkWebSession(HttpSession session) {
-        Object o = session.getAttribute(WebSession.SESSION);
-        if (o == null) {
-            logger.error("No valid WebSession object found, has session timed out? [" + session.getId() + "]");
-            return false;
-        }
-        if (!(o instanceof WebSession)) {
-            logger.error("Invalid WebSession object found, this is probably a bug! [" + o.getClass() + " | " + session.getId() + "]");
-            return false;
-        }
-        return true;
-    }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
index 9910a2315..bd0cd65df 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
@@ -164,15 +164,11 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
         setRanking(new Integer(properties.getIntProperty("lesson." + className + ".ranking", getDefaultRanking()
                 .intValue())));
         String categoryRankingKey = "category." + getDefaultCategory().getName() + ".ranking";
-        // System.out.println("Category ranking key: " + categoryRankingKey);
         Category tempCategory = Category.getCategory(getDefaultCategory().getName());
         tempCategory.setRanking(new Integer(properties.getIntProperty(categoryRankingKey, getDefaultCategory()
                 .getRanking().intValue())));
         category = tempCategory;
         setHidden(properties.getBooleanProperty("lesson." + className + ".hidden", getDefaultHidden()));
-        // System.out.println(className + " in " + tempCategory.getName() + "
-        // (Category Ranking: " + tempCategory.getRanking() + " Lesson ranking:
-        // " + getRanking() + ", hidden:" + hidden +")");
     }
 
     /**
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java
index 99e0fecd0..bc5083b1e 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java
@@ -150,7 +150,7 @@ public class LegacyLoader {
     public void loadFiles(ServletContext context, String path) {
         logger.debug("Loading files into cache, path: " + path);
         Resource resource = new ClassPathResource("/");
-
+        //resource.get
         Set resourcePaths = null;
         if (resourcePaths == null) {
             logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
@@ -216,7 +216,7 @@ public class LegacyLoader {
                    // logger.error("Error in loadLessons: ", e);
                 }
         }
-      //  loadResources(lessons);
+        loadResources(lessons);
         return lessons;
     }
 
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
index ca17fd7cc..8455c8118 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
@@ -52,8 +52,6 @@ public class Plugin {
 
     private void findLesson(String name) {
         String realClassName = StringUtils.trimLeadingCharacter(name, '/').replaceAll("/", ".").replaceAll(".class", "");
-        //TODO should be passed in (refactor)
-        //TomcatEmbeddedWebappClassLoader cl = (TomcatEmbeddedWebappClassLoader) Thread.currentThread().getContextClassLoader();
 
         try {
             Class clazz = classLoader.loadClass(realClassName);
@@ -95,19 +93,18 @@ public class Plugin {
     public void rewritePaths(Path pluginTarget) {
         try {
             replaceInFiles(this.lesson.getSimpleName() + "_files",
-                    pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
+                    "plugin_lessons/plugin/" + this.lesson
                             .getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files",
                     solutionLanguageFiles.values());
             replaceInFiles(this.lesson.getSimpleName() + "_files",
-                    pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
+                    "plugin_lessons/plugin/" + this.lesson
                             .getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files",
                     lessonPlansLanguageFiles.values());
 
             String[] replacements = {"jsp", "js"};
             for (String replacement : replacements) {
                 String s = String.format("plugin/%s/%s/", this.lesson.getSimpleName(), replacement);
-                String r = String.format("%s/plugin/%s/%s/", pluginTarget.getFileName().toString(),
-                        this.lesson.getSimpleName(), replacement);
+                String r = String.format("plugin_lessons/plugin/s/%s/", this.lesson.getSimpleName(), replacement);
                 replaceInFiles(s, r, pluginFiles);
                 replaceInFiles(s, r, Arrays.asList(lessonSourceFile));
             }
@@ -115,7 +112,7 @@ public class Plugin {
             //CSS with url('/plugin/images') should not begin with / otherwise image cannot be found
             String s = String.format("/plugin/%s/images/", this.lesson.getSimpleName());
             String r = String
-                    .format("%s/plugin/%s/images/", pluginTarget.getFileName().toString(), this.lesson.getSimpleName());
+                    .format("plugin_lessons/plugin/%s/images/", this.lesson.getSimpleName());
             replaceInFiles(s, r, pluginFiles);
             replaceInFiles(s, r, Arrays.asList(lessonSourceFile));
         } catch (IOException e) {
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
index ba5df6475..e1f24f4c2 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
@@ -5,82 +5,66 @@ import org.apache.commons.io.FileUtils;
 import org.owasp.webgoat.util.LabelProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 import org.springframework.util.ResourceUtils;
 
+import java.io.File;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.net.URL;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.util.Enumeration;
 import java.util.List;
-import java.util.Objects;
 import java.util.concurrent.Callable;
 import java.util.concurrent.CompletionService;
 import java.util.concurrent.ExecutorCompletionService;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.jar.JarFile;
+import java.util.zip.ZipEntry;
 
 /**
  * <p>PluginsLoader class.</p>
  *
- * @version $Id: $Id
  * @author dm
+ * @version $Id: $Id
  */
+@Component
 public class PluginsLoader {
 
     private static final String WEBGOAT_PLUGIN_EXTENSION = "jar";
-    private static boolean alreadyLoaded = false;
+    private static final int BUFFER_SIZE = 32 * 1024;
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
-    private final Path pluginSource;
-    private Path pluginTarget;
+    private final File pluginTargetDirectory;
 
-    /**
-     * <p>Constructor for PluginsLoader.</p>
-     *
-     * @param pluginSource a {@link java.nio.file.Path} object.
-     * @param pluginTarget a {@link java.nio.file.Path} object.
-     */
-    public PluginsLoader(Path pluginSource, Path pluginTarget) {
-        this.pluginSource = Objects.requireNonNull(pluginSource, "plugin source cannot be null");
-        this.pluginTarget = Objects.requireNonNull(pluginTarget, "plugin target cannot be null");
+    @Autowired
+    public PluginsLoader(File pluginTargetDirectory) {
+        this.pluginTargetDirectory = pluginTargetDirectory;
     }
 
-//    /**
-//     * Copy jars to the lib directory
-//     */
-//    public void copyJars() {
-//        try {
-//            if (!alreadyLoaded) {
-//                WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader();
-//               // cl.setAntiJARLocking(true);
-//                List<URL> jars = listJars();
-//                for (URL jar : jars) {
-//                  //  cl.setResources();
-//                   // cl.addRepository(jar.toString());
-//                }
-//                alreadyLoaded = true;
-//            }
-//        } catch (Exception e) {
-//            logger.error("Copying plugins failed", e);
-//        }
-//    }
-
     /**
      * <p>loadPlugins.</p>
      *
      * @return a {@link java.util.List} object.
      */
     public List<Plugin> loadPlugins() {
-       // copyJars();
         List<Plugin> plugins = Lists.newArrayList();
-
         try {
-            PluginFileUtils.createDirsIfNotExists(pluginTarget);
-            cleanupExtractedPluginsDirectory();
+            File jarFile = new File(this.getClass().getProtectionDomain().getCodeSource().getLocation().getFile());
+            if (jarFile.isDirectory()) {
+                extractToTempDirectoryFromExplodedDirectory(jarFile);
+            } else {
+                extractToTempDirectoryFromJarFile(jarFile);
+            }
             List<URL> jars = listJars();
-
             plugins = processPlugins(jars);
         } catch (Exception e) {
             logger.error("Loading plugins failed", e);
@@ -88,14 +72,49 @@ public class PluginsLoader {
         return plugins;
     }
 
-    private void cleanupExtractedPluginsDirectory() {
-        Path i18nDirectory = pluginTarget.resolve("plugin/i18n/");
-        FileUtils.deleteQuietly(i18nDirectory.toFile());
+    private void extractToTempDirectoryFromJarFile(File jarFile) throws IOException {
+        JarFile jar = new JarFile(jarFile);
+        Enumeration<? extends ZipEntry> entries = jar.entries();
+        while (entries.hasMoreElements()) {
+            ZipEntry zipEntry = entries.nextElement();
+            if (zipEntry.getName().contains("plugin_lessons") && zipEntry.getName().endsWith(".jar")) {
+                unpack(jar, zipEntry);
+            }
+        }
     }
 
-    private List<URL> listJars() throws IOException {
+    private void unpack(JarFile jar, ZipEntry zipEntry) throws IOException {
+        try (InputStream inputStream = jar.getInputStream(zipEntry)) {
+            String name = zipEntry.getName();
+            if (name.lastIndexOf("/") != -1) {
+                name = name.substring(name.lastIndexOf("/") + 1);
+            }
+            try (OutputStream outputStream = new FileOutputStream(new File(pluginTargetDirectory, name))) {
+                byte[] buffer = new byte[BUFFER_SIZE];
+                int bytesRead = -1;
+                while ((bytesRead = inputStream.read(buffer)) != -1) {
+                    outputStream.write(buffer, 0, bytesRead);
+                }
+                outputStream.flush();
+            }
+        }
+    }
+
+    private void extractToTempDirectoryFromExplodedDirectory(File directory) throws IOException {
+        Files.walkFileTree(directory.toPath(), new SimpleFileVisitor<Path>() {
+            @Override
+            public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException {
+                if (dir.endsWith("plugin_lessons")) {
+                    FileUtils.copyDirectory(dir.toFile(), pluginTargetDirectory);
+                }
+                return FileVisitResult.CONTINUE;
+            }
+        });
+    }
+
+    private List<URL> listJars() throws Exception {
         final List<URL> jars = Lists.newArrayList();
-        Files.walkFileTree(pluginSource, new SimpleFileVisitor<Path>() {
+        Files.walkFileTree(Paths.get(pluginTargetDirectory.toURI()), new SimpleFileVisitor<Path>() {
 
             @Override
             public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
@@ -115,17 +134,17 @@ public class PluginsLoader {
             final CompletionService<Plugin> completionService = new ExecutorCompletionService<>(executorService);
             final List<Callable<Plugin>> callables = extractJars(jars);
 
-            for (Callable<Plugin> s : callables) {
-                completionService.submit(s);
-            }
+            callables.forEach(s -> completionService.submit(s));
             int n = callables.size();
+
             for (int i = 0; i < n; i++) {
                 Plugin plugin = completionService.take().get();
                 if (plugin.getLesson().isPresent()) {
                     plugins.add(plugin);
                 }
             }
-            LabelProvider.updatePluginResources(pluginTarget.resolve("plugin/i18n/WebGoatLabels.properties"));
+            LabelProvider.updatePluginResources(
+                    pluginTargetDirectory.toPath().resolve("plugin/i18n/WebGoatLabels.properties"));
             return plugins;
         } finally {
             executorService.shutdown();
@@ -141,7 +160,7 @@ public class PluginsLoader {
             classLoader.addURL(jar);
             extractorCallables.add(() -> {
                 PluginExtractor extractor = new PluginExtractor();
-                return extractor.extractJarFile(ResourceUtils.getFile(jar), pluginTarget.toFile(), classLoader);
+                return extractor.extractJarFile(ResourceUtils.getFile(jar), pluginTargetDirectory, classLoader);
             });
         }
         return extractorCallables;
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java
index b30beed67..ec9217955 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java
@@ -68,8 +68,9 @@ public class PluginReloadService extends BaseService {
         logger.debug("Loading plugins into cache");
         String pluginPath = session.getServletContext().getRealPath("plugin_lessons");
         String targetPath = session.getServletContext().getRealPath("plugin_extracted");
+        //TODO fix me
         //new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars();
-        webSession.getCourse().loadLessonFromPlugin();
+        //webSession.getCourse().loadLessonFromPlugin();
 
         Map<String, Object> result = new HashMap<String, Object>();
         result.put("success", true);
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java
index ca98dbf45..c6228f7aa 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java
@@ -1,20 +1,14 @@
 package org.owasp.webgoat.session;
 
-import org.owasp.webgoat.HammerHead;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Category;
 import org.owasp.webgoat.plugins.LegacyLoader;
 import org.owasp.webgoat.plugins.Plugin;
-import org.owasp.webgoat.plugins.PluginsLoader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
 
 import javax.servlet.ServletContext;
 import java.io.File;
-import java.io.IOException;
-import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
@@ -56,9 +50,7 @@ public class Course {
 
     final Logger logger = LoggerFactory.getLogger(Course.class);
 
-    private List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
-
-    private final static String PROPERTIES_FILENAME = HammerHead.propertiesPath;
+    private List<AbstractLesson> lessons = new LinkedList<>();
 
     private WebgoatProperties properties = null;
 
@@ -67,12 +59,8 @@ public class Course {
     /**
      * <p>Constructor for Course.</p>
      */
-    public Course() {
-        try {
-            properties = new WebgoatProperties(PROPERTIES_FILENAME);
-        } catch (IOException e) {
-            logger.error("Error loading webgoat properties", e);
-        }
+    public Course(WebgoatProperties properties) {
+        this.properties = properties;
     }
 
     /**
@@ -322,28 +310,7 @@ public class Course {
     /**
      * <p>loadLessonFromPlugin.</p>
      */
-    public void loadLessonFromPlugin() {
-        Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
-        String pluginPath = null;
-        String targetPath = null;
-        try {
-            pluginPath = resource.getFile().getParent();
-            targetPath = pluginPath;
-
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
-
-        logger.debug("Loading plugins into cache");
-        //String pluginPath = context.getRealPath("plugin_lessons");
-        //String targetPath = context.getRealPath("plugin_extracted");
-
-        if (pluginPath == null) {
-            logger.error("Plugins directory {} not found", pluginPath);
-            return;
-        }
-        lessons.clear();
-        List<Plugin> plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins();
+    public void loadLessonFromPlugin(List<Plugin> plugins) {
         for (Plugin plugin : plugins) {
             try {
                 AbstractLesson lesson = plugin.getLesson().get();
@@ -378,7 +345,6 @@ public class Course {
     public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
         logger.info("Loading courses: " + path);
         this.webgoatContext = webgoatContext;
-        loadLessonFromPlugin();
         LegacyLoader loader = new LegacyLoader();
         lessons.addAll(loader.loadLessons(webgoatContext, context, path, properties));        
     }
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
index 025740272..433492467 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
@@ -9,6 +9,7 @@ import org.owasp.webgoat.util.BeanProvider;
 import org.owasp.webgoat.util.LabelManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import javax.servlet.ServletContext;
 import javax.servlet.http.Cookie;
@@ -238,7 +239,8 @@ public class WebSession {
      * @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object.
      * @param context Description of the Parameter
      */
-    public WebSession(WebgoatContext webgoatContext, ServletContext context) {
+    @Autowired
+    public WebSession(Course course, WebgoatContext webgoatContext, ServletContext context) {
         this.webgoatContext = webgoatContext;
         // initialize from web.xml
         showParams = webgoatContext.isShowParams();
@@ -248,9 +250,8 @@ public class WebSession {
         showRequest = webgoatContext.isShowRequest();
         currentLanguage = webgoatContext.getDefaultLanguage();
         this.context = context;
+        this.course = course;
 
-        course = new Course();
-        course.loadCourses(webgoatContext, context, "/");
     }
 
     /**
@@ -408,15 +409,6 @@ public class WebSession {
         currentScreen = screen;
     }
 
-    /**
-     * <p> getRestartLink. </p>
-     *
-     * @return a {@link java.lang.String} object.
-     */
-    public String getRestartLink() {
-        return getCurrentLesson().getLink() + "&" + RESTART + "=" + getCurrentScreen();
-    }
-
     /**
      * <p> getCurrentLink. </p>
      *
@@ -1035,7 +1027,7 @@ public class WebSession {
     /**
      * Updates the stage for a RandomLessonAdapter
      *
-     * @param al
+     * @param rla
      */
     private void updateRlaStage(RandomLessonAdapter rla) {
         try {
@@ -1062,7 +1054,7 @@ public class WebSession {
     /**
      * Updates the stage for a SequentialLessonAdapter
      *
-     * @param al
+     * @param sla
      */
     private void updateSlaStage(SequentialLessonAdapter sla) {
         int stage = myParser.getIntParameter(STAGE, sla.getStage(this));
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
index 7a2231ecd..c2e0c7e12 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
@@ -1,12 +1,8 @@
 package org.owasp.webgoat.session;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 
-import javax.servlet.http.HttpServlet;
-
 /**
  * <p>WebgoatContext class.</p>
  *
@@ -16,11 +12,6 @@ import javax.servlet.http.HttpServlet;
 @Configuration
 public class WebgoatContext {
 
-    final Logger logger = LoggerFactory.getLogger(WebgoatContext.class);
-
-    /** Constant <code>DEFAULTLANGUAGE="DefaultLanguage"</code> */
-    public final static String DEFAULTLANGUAGE = "DefaultLanguage";
-
     @Value("${webgoat.database.connection.string}")
     private String databaseConnectionString;
 
@@ -55,14 +46,9 @@ public class WebgoatContext {
 
     private boolean isDebug = false;
 
-    private String servletName;
-
-    private HttpServlet servlet;
-
+    @Value("${webgoat.default.language}")
     private String defaultLanguage;
 
-    private java.nio.file.Path pluginDirectory;
-
     /**
      * returns the connection string with the real path to the database
      * directory inserted at the word PATH
@@ -71,18 +57,6 @@ public class WebgoatContext {
      */
     public String getDatabaseConnectionString() {
         return this.databaseConnectionString;
-//
-//        if (realConnectionString == null) {
-//            try {
-//                String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/');
-//                System.out.println("PATH: " + path);
-//                realConnectionString = databaseConnectionString.replaceAll("PATH", path);
-//                System.out.println("Database Connection String: " + realConnectionString);
-//            } catch (Exception e) {
-//                logger.error("Couldn't open database: check web.xml database parameters", e);
-//            }
-//        }
-//        return realConnectionString;
     }
 
     /**
@@ -157,15 +131,6 @@ public class WebgoatContext {
         return isDebug;
     }
 
-    /**
-     * <p>Getter for the field <code>servletName</code>.</p>
-     *
-     * @return a {@link java.lang.String} object.
-     */
-    public String getServletName() {
-        return servletName;
-    }
-
     /**
      * <p>isShowCookies.</p>
      *
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatProperties.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatProperties.java
index 395ccb40a..44c97daf3 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatProperties.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatProperties.java
@@ -2,11 +2,9 @@ package org.owasp.webgoat.session;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-
-import java.io.IOException;
-import java.util.Properties;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
 
 /**
  * *************************************************************************************************
@@ -39,7 +37,11 @@ import java.util.Properties;
  * @version $Id: $Id
  * @author dm
  */
-public class WebgoatProperties extends Properties {
+@Component
+public class WebgoatProperties {
+
+    @Autowired
+    private Environment env;
 
     /**
      *
@@ -47,25 +49,6 @@ public class WebgoatProperties extends Properties {
     private static final long serialVersionUID = 4351681705558227918L;
     final Logger logger = LoggerFactory.getLogger(WebgoatProperties.class);
 
-    /**
-     * <p>Constructor for WebgoatProperties.</p>
-     *
-     * @param propertiesFileName a {@link java.lang.String} object.
-     * @throws java.io.IOException if any.
-     */
-    public WebgoatProperties(String propertiesFileName) throws IOException {
-        if (propertiesFileName == null) {
-            throw new IOException("Path to webgoat.properties is null, initialization must have failed");
-        }
-
-//        File propertiesFile = new File(propertiesFileName);
-//        if (propertiesFile.exists() == false) {
-//            throw new IOException("Unable to locate webgoat.properties at: " + propertiesFileName);
-//        }
-        Resource resource = new ClassPathResource("/webgoat.properties");
-        //FileInputStream in = new FileInputStream(propertiesFile);
-        load(resource.getInputStream());
-    }
 
     /**
      * <p>getIntProperty.</p>
@@ -77,7 +60,7 @@ public class WebgoatProperties extends Properties {
     public int getIntProperty(String key, int defaultValue) {
         int value = defaultValue;
 
-        String s = getProperty(key);
+        String s = env.getProperty(key);
         if (s != null) {
             value = Integer.parseInt(s);
         }
@@ -96,7 +79,7 @@ public class WebgoatProperties extends Properties {
         boolean value = defaultValue;
         key = this.trimLesson(key);
 
-        String s = getProperty(key);
+        String s = env.getProperty(key);
         if (s != null) {
             if (s.equalsIgnoreCase("true")) {
                 value = true;
@@ -127,21 +110,4 @@ public class WebgoatProperties extends Properties {
 
         return result;
     }
-
-    /**
-     * <p>main.</p>
-     *
-     * @param args an array of {@link java.lang.String} objects.
-     */
-    public static void main(String[] args) {
-        WebgoatProperties properties = null;
-        try {
-            properties = new WebgoatProperties("C:\\webgoat.properties");
-        } catch (IOException e) {
-            System.out.println("Error loading properties");
-            e.printStackTrace();
-        }
-        System.out.println(properties.getProperty("CommandInjection.category"));
-    }
-
 }
diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
index f794d79cc..ccaf6228b 100644
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
@@ -5,13 +5,16 @@
 #server.jsp-servlet.registered=true
 
 server.error.include-stacktrace=always
+server.session.timeout=600
+server.contextPath=/WebGoat
+server.port=8080
+
+
 logging.level.org.springframework=INFO
 logging.level.org.hibernate=ERROR
 spring.thymeleaf.cache=false
 security.enable-csrf=false
 
-server.contextPath=/WebGoat
-server.port=8080
 
 webgoat.build.version=@project.version@
 webgoat.build.number=@build.number@