I found Security Cryptography Whatever's treatment of the various session token options super informative [0]. I had some vague unformed skeptical opinions about JWTs, and now I have some reasonably informed rational opinions about them, so can recommend.

[0]: https://securitycryptographywhatever.buzzsprout.com/1822302/...