As sessions are stored on the server side, if you have multiple users requesting your server, you might run into problems. Of course, there are solutions for this.
By using sessions you can also blacklist users more easily/
On the other hand, using JWT will make things easier for the server as it only has to check the signature of the arriving token.
Blacklisting users when using this approach requires you to make another request to check whether the current user is blacklisted or not.
Also having a look at a caching system such as Redis might be worth your while.
Good luck!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I think it depends.
Each solution has its cons and pros.
As sessions are stored on the server side, if you have multiple users requesting your server, you might run into problems. Of course, there are solutions for this.
By using sessions you can also blacklist users more easily/
On the other hand, using JWT will make things easier for the server as it only has to check the signature of the arriving token.
Blacklisting users when using this approach requires you to make another request to check whether the current user is blacklisted or not.
Also having a look at a caching system such as Redis might be worth your while.
Good luck!