The method I’m using right now is: stateful jwt. I’m just storing session id inside JWT and check it