Probably someone more experienced will explain in more detail, but basically, when I read JWT and API I think about a stateless application, namely, there is no user session stored on the server. This is one of the basic features of JWT: it stores everything that the server must know to identify the user and handle the request.
I think your reasoning is fine, but it is not a user session you are trying to use; you are using the JWT to carry the information to and fro, as I said. It is something like this, right?
Guest enters -> Server receives the request, generates a random token and sends it to the user -> the guest uses this token from now on to send data, and the server will know where to save it temporarily.
The same for a logged-in user, but the folder is not temporary and there is info about the user in the token in this case.
Note: no token is ever stored on the server, only on the client side.
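The flow described in the comment above, written out as an added example (this is not code from the thread or from any project the thread mentions): the server signs a JWT with HS256, a guest gets a random session id claim that maps to a temporary folder, a logged-in user gets a `sub` claim that maps to a permanent folder, and on every request the server recovers the storage location from the verified token alone, holding no per-client state. The secret, the folder paths, the claim names and the TTLs are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: server-side HMAC key. Constructed for the example; in a real
# deployment this comes from a secret store and is rotated.
SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_jwt(claims: dict, secret: bytes) -> str:
    """Sign claims as an HS256 JWT (header.payload.signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, secret: bytes, now: int) -> dict:
    """Return the claims if the signature is valid and the token is unexpired.

    Raises ValueError otherwise. Nothing is looked up server-side: the
    signature is the only thing that ties the claims to this server.
    """
    try:
        h_b64, p_b64, s_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm; never let the token choose it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (h_b64 + "." + p_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    # A missing exp is treated as expired: every token must have a lifetime.
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def issue_guest_token(now: int, secret: bytes = SECRET, ttl: int = 3600) -> str:
    """Guest enters: mint a random session id and hand it back inside the token."""
    claims = {"role": "guest", "sid": secrets.token_hex(16), "iat": now, "exp": now + ttl}
    return make_jwt(claims, secret)


def issue_user_token(user_id: str, now: int, secret: bytes = SECRET, ttl: int = 8 * 3600) -> str:
    """Logged-in user: the token carries who the user is, no server-side session."""
    claims = {"role": "user", "sub": user_id, "iat": now, "exp": now + ttl}
    return make_jwt(claims, secret)


def storage_dir(claims: dict) -> str:
    """Derive where to save this client's data purely from the verified claims.

    Paths are assumptions for the example.
    """
    if claims["role"] == "guest":
        return "/tmp/uploads/guest/" + claims["sid"]        # temporary folder
    if claims["role"] == "user":
        return "/srv/uploads/users/" + claims["sub"]        # permanent folder
    raise ValueError("unknown role")


def handle_request(token: str, now: int, secret: bytes = SECRET) -> str:
    """What the server does on each request: verify, then route to storage."""
    return storage_dir(verify_jwt(token, secret, now))


def forge_payload(token: str, claims: dict) -> str:
    """Attacker without the key: swap the payload but keep the old signature."""
    h_b64, _, s_b64 = token.split(".")
    return h_b64 + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()) + "." + s_b64
```

Because the server keeps no token list, the only controls it has are the signature, the pinned algorithm and the expiry; a forged payload, a token signed with a different key, or an expired token are all rejected by `verify_jwt`, and a guest's random `sid` is what keeps two guests from writing into each other's temporary folder.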
Yep, you got it right.