diff --git a/Sources/App/Management/SQLiteDatabase.swift b/Sources/App/Management/SQLiteDatabase.swift
index 95b49c9..495ebe0 100644
--- a/Sources/App/Management/SQLiteDatabase.swift
+++ b/Sources/App/Management/SQLiteDatabase.swift
@@ -37,7 +37,7 @@ private extension Configuration.EMail {
     }
 }
 
-final class SQLiteDatabase {
+actor SQLiteDatabase {
 
     /// A mapping between player name and generated access tokens for a session
     private var sessionTokenForPlayer = [PlayerName: SessionToken]()
diff --git a/Sources/App/routes.swift b/Sources/App/routes.swift
index dfa80d3..41ce67b 100644
--- a/Sources/App/routes.swift
+++ b/Sources/App/routes.swift
@@ -156,7 +156,7 @@ func loginPlayer(_ app: Application) {
         guard try request.password.verify(password, created: hash) else {
             throw Abort(.unauthorized) // 401
         }
-        return server.startNewSessionForRegisteredPlayer(named: name)
+        return await server.startNewSessionForRegisteredPlayer(named: name)
     }
 }
 
@@ -177,7 +177,7 @@ func resumeSession(_ app: Application) {
     app.post("player", "resume") { request -> String in
         let token = try request.header(.token)
         
-        guard let player = server.registeredPlayerExists(withSessionToken: token) else {
+        guard let player = await server.registeredPlayerExists(withSessionToken: token) else {
             throw Abort(.unauthorized) // 401
         }
         return player
@@ -221,10 +221,10 @@ func getTableForPlayer(_ app: Application) {
     app.post("player", "table") { request -> String in
         let token = try request.header(.token)
 
-        guard let player = server.registeredPlayerExists(withSessionToken: token) else {
+        guard let player = await server.registeredPlayerExists(withSessionToken: token) else {
             throw Abort(.unauthorized) // 401
         }
-        guard let info = server.currentTableOfPlayer(named: player) else {
+        guard let info = await server.currentTableOfPlayer(named: player) else {
             return ""
         }
         return try encodeJSON(info)
@@ -279,7 +279,7 @@ func createTable(_ app: Application) {
             throw Abort(.badRequest) // 400
         }
         
-        guard let player = server.registeredPlayerExists(withSessionToken: token) else {
+        guard let player = await server.registeredPlayerExists(withSessionToken: token) else {
             throw Abort(.unauthorized) // 401
         }
         let result = try await server.createTable(named: tableName, player: player, isPublic: isPublic, in: request.db)
@@ -304,10 +304,10 @@ func getPublicTables(_ app: Application) {
     app.post("tables", "public") { request -> String in
         let token = try request.header(.token)
 
-        guard server.isValid(sessionToken: token) else {
+        guard await server.isValid(sessionToken: token) else {
             throw Abort(.unauthorized) // 401
         }
-        let list = server.getPublicTableInfos()
+        let list = await server.getPublicTableInfos()
         return try encodeJSON(list)
     }
 }
@@ -376,9 +376,9 @@ func performActionForPlayer(_ app: Application) {
 
         let result: PlayerActionResult
         if let action = PlayerAction(rawValue: actionString) {
-            result = server.performAction(playerToken: token, action: action)
+            result = await server.performAction(playerToken: token, action: action)
         } else if let game = GameType(rawValue: actionString) {
-            result = server.select(game: game, playerToken: token)
+            result = await server.select(game: game, playerToken: token)
         } else {
             throw Abort(.badRequest)
         }