I say that session cookies are more secure than JWTs. You should take a look at an alternative to JWTs, PASETO. And don't forget to read a blog post about what's wrong with JWT. You shouldn't use JWTs for authentication.
Never index by secret values!
Another blog post on why you shouldn't use JWTs for sessions.
A blog post about indexing by secrets and timing attacks in general.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.