The humble session cookie is what I've been using all these years, but now suddenly everyone is saying "JWT". Any advice on the pros and cons of JWT vs session cookies?
JWT is a buzzword. Some people are attracted to changing shit for the sake of it, and then encouraging others to use the new thing too, to validate their own use, and feel like they're 'ahead of the curve' on trendy tech.
Rather than rehashing it all myself, I'd suggest reading http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-fo... and https://developer.okta.com/blog/2017/08/17/why-jwts-suck-as-...