But you can not store anything in your session ID. JWT can carry a small amount of data that's need by my service. I only need to validate JWT and check if it's been invalidated. Then I can go ahead to perform by business logic. I don't want to hit db to get all these data. Yes you can argue why not just store them in redis too, but with JWT I only need One bit.