Discussion on: JSON Web Tokens (JWT) vs. SessionID 🔐 ? explained in 2 mins

[Miguel Mota]

Only use JWT's as short-lived one-time tokens. For everything else, use session cookies. If you need to make a database lookup to validate the JWT then the purpose of them is defeated.