Yes! JWTs in the browser are a total pain. You need a way to revoke them (when a user is fired, etc). Or you need to make them crazy short lived (5 minutes). Users need to stay logged in without the tab open for a lot longer than 5 minutes, so you need a way to make that work. They tend to be really large, which slows down your load times a lot due to TCP slow-start and people just having weak upload speeds. And they can easily get too large to store as a cookie. Also, people forget that anyone can read the data stored in the JWT. They just cause more problems than they solve and there's a lot of edge-cases and footguns.