Authentication, authorization... well security in general, is not a simple thing that can be explained so easily. There is no mention of CSRF and XSS problems with sessions, session hijacking. Also, you said, "The major drawback of session tokens is that the logged-in users will get kicked out when either a different server deals with their request". It's not major, it's the reason why there is no serious modern APP that can completely rely on session tokens (even if you put everything in Redis, or have a separate authentication server). Also, there is no serious application that completely relies on JWT. Some things are better to keep in JWT, some things are better to keep in session. But if you have a website where security is important, you need everything you can get. Don't afraid of using a database or have one additional request every 15 minutes if that will improve security or stability.
For further actions, you may consider blocking this person and/or reporting abuse
We're a blogging-forward open source social network where we learn from one another
Authentication, authorization... well security in general, is not a simple thing that can be explained so easily. There is no mention of CSRF and XSS problems with sessions, session hijacking. Also, you said, "The major drawback of session tokens is that the logged-in users will get kicked out when either a different server deals with their request". It's not major, it's the reason why there is no serious modern APP that can completely rely on session tokens (even if you put everything in Redis, or have a separate authentication server). Also, there is no serious application that completely relies on JWT. Some things are better to keep in JWT, some things are better to keep in session. But if you have a website where security is important, you need everything you can get. Don't afraid of using a database or have one additional request every 15 minutes if that will improve security or stability.