But in that case you're just using sessions, and the JWT is a microoptimization to avoid hitting the DB every request.