diff --git a/docs/metadata_webservice.md b/docs/metadata_webservice.md
new file mode 100644
index 0000000000000000000000000000000000000000..6df49a501848c77f5d7e7fe71650638cd3e5653e
--- /dev/null
+++ b/docs/metadata_webservice.md
@@ -0,0 +1,59 @@
+# Running the Metadata Webservice Locally
+
+## Run postgres in a container (for local development)
+
+```
+docker run --rm -it -p 5432:5432 -e POSTGRES_PASSWORD=postgres postgres:10
+```
+
+This exposes port 5432 so python can connect locally. When running the webservice in a container, container links should be used so the container can access the database container.
+
+## Set up schema in database
+
+> This is only needed the first time the database is created. Volume mounts can make this more persistent.
+
+```
+export DATABASE_URL="postgresql://postgres@localhost/postgres?password=postgres"
+pipenv run python .\create_db.py
+```
+
+### Add some testing data (depends on DATABASE_URL environment set above).
+
+```
+pipenv run python .\test_metadata.py
+```
+
+## Set up OpenID application in code.usgs.gov.
+
+- Under your account, go to settings
+- Applications -> Add New Application:
+
+  Callback URLs for local development:
+
+  ```
+  http://127.0.0.1:8000/ws/secure/authorize
+  http://127.0.0.1:4200/ws/secure/authorize
+  ```
+
+  Confidential: `Yes`
+
+  Scopes: `openid`, `profile`, `email`
+
+## Start webservice
+
+- Export variables used for authentication:
+
+```
+export DATABASE_URL="postgresql://postgres@localhost/postgres?password=postgres"
+export OPENID_CLIENT_ID={Application ID}
+export OPENID_CLIENT_SECRET={Secret}
+export OPENID_METADATA_URL=https://code.usgs.gov/.well-known/openid-configuration
+export SECRET_KEY=changeme
+export SECRET_SALT=salt
+```
+
+- Run app
+
+```
+pipenv run uvicorn geomagio.api:app
+```
diff --git a/geomagio/api/db/session_table.py b/geomagio/api/db/session_table.py
index f5a3f89e4045b56b8dc7673c64f4014b04a77847..a62ebb78247a0303a146c3d12cfdd4e31051522d 100644
--- a/geomagio/api/db/session_table.py
+++ b/geomagio/api/db/session_table.py
@@ -26,7 +26,7 @@ async def delete_session(session_id: str) -> None:
 async def get_session(session_id: str) -> str:
     query = session.select().where(session.c.session_id == session_id)
     row = await database.fetch_one(query)
-    return row.data
+    return row.get("data", None)
 
 
 async def remove_expired_sessions(max_age: timedelta) -> None:
@@ -44,7 +44,7 @@ async def save_session(session_id: str, data: str) -> None:
         .values(data=data, updated=updated)
     )
     count = await database.execute(query)
-    if count == 0:
+    if count is None or count == 0:
         # no matching session, insert
         query = session.insert().values(
             session_id=session_id, data=data, updated=updated