Thank you for your comment. While it is true that JWTs haven’t initially been used for sessions, they work perfectly fine in that context as long as certain aspects are considered.

By making JWTs revokable, one of their biggest drawbacks is neutralized.

Additionally, I am nowhere claiming that JWTs are the only way of implementing sessions; In fact, another tutorial on OAuth2 is already in concept. I simply pointed out how JWTs can be used for sessions and demonstrated a possible implementation.

I am aware that using JWTs for sessions is quite controversial throughout the dev community. However, it works - and it works perfectly fine. Therefore, it’s perfectly valid to use them for sessions as long as certain aspects are considered.

I encourage you to read more on that here: supertokens.io/blog/are-you-using-jwts-for-user-s… specifically pointing you to the „The New Approach“ section. The implementation described in my post is simply a variation.