What is a Session? (authentication, tracking)

About

In authentication, a session is used to store the identification data of a user once they have proven who they are.

After a user has been authenticated, the identification (generally the user name) is stored in the session, and subsequent requests do not need to present the credentials again: they only carry the session identifier.

The logic is generally: the request is considered authenticated if its session contains a user name, and anonymous otherwise.

Identifier

A session is identified by a session identifier that permits looking up the session data. The identifier is handed to the client (typically in a cookie) and sent back with every request, so it must be unguessable (generated from a cryptographically secure random source) and treated as a credential: whoever holds it is the user for as long as the session lives.

Session Data Storage

External Store

The session data may be stored in an external store (such as a database or a cache): the server grabs the identifier from the request and looks up the data. The client only ever holds the identifier, never the data itself.
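The following is an added example (not code from the original page) of the external-store approach described above, using an in-memory dictionary as a stand-in for the database or cache. The function names, the TTL and the store itself are assumptions made for the example; the security-relevant parts are that the identifier comes from the OS random source, that an unknown or expired identifier is treated exactly like no session at all, and that logout deletes the data server-side.

```python
import secrets
import time
from typing import Optional

# Constructed in-memory store standing in for an external store such as a
# database or cache. It maps session identifier -> session data.
SESSION_STORE: dict = {}
SESSION_TTL_SECONDS = 30 * 60  # assumed idle lifetime of a session


def create_session(username: str, now: Optional[float] = None) -> str:
    """Create a session after a successful authentication and return its identifier.

    The identifier is the only thing the client will ever hold, so it must be
    unguessable: 32 bytes from the OS CSPRNG, never a counter, a timestamp or a
    hash of the user name.
    """
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)
    SESSION_STORE[session_id] = {
        "user": username,
        "created": now,
        "expires": now + SESSION_TTL_SECONDS,
    }
    return session_id


def lookup_session(session_id: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the session data for an identifier, or None if it is unknown or expired."""
    now = time.time() if now is None else now
    data = SESSION_STORE.get(session_id)
    if data is None:
        return None
    if now >= data["expires"]:
        # Expired: remove it so it cannot be revived, and report it as absent.
        del SESSION_STORE[session_id]
        return None
    return data


def authenticated_user(session_id: Optional[str], now: Optional[float] = None) -> Optional[str]:
    """The rule from the text: a request is authenticated iff its session holds a user name."""
    if not session_id:
        return None
    data = lookup_session(session_id, now)
    return data["user"] if data else None


def destroy_session(session_id: str) -> None:
    """Logout: delete the data server-side so a leaked identifier is worthless afterwards."""
    SESSION_STORE.pop(session_id, None)


if __name__ == "__main__":
    sid = create_session("alice")
    print("authenticated as:", authenticated_user(sid))          # alice
    print("unknown id:", authenticated_user("not-a-real-id"))    # None
    destroy_session(sid)
    print("after logout:", authenticated_user(sid))              # None
```

Because the data lives server-side, invalidation is immediate: deleting the entry ends the session even if the client keeps replaying the identifier.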

If you don't want to manage an external store (such as a database) for your session data, you may also store the session data itself in a cookie, signed and/or encrypted, so that the server keeps no state.

Because the JWT format carries a signature, the server can verify that the data in the cookie has not been tampered with by the client.

Any other format works as well, provided the data is authenticated: either a signature or a MAC computed with a secret only the server knows, or an authenticated-encryption mode. Encryption alone only hides the data; without an authentication tag it does not stop a client from modifying the ciphertext, so the server must verify the tag before trusting anything it reads from the cookie.
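The following is an added example (not code from the original page, and not the JWT format itself) of a self-contained session cookie authenticated with an HMAC, the same mechanism a JWT uses for its HS256 signature. The `<payload>.<tag>` layout, the `SERVER_SECRET` value and the function names are constructed for the example. It also shows what the page's caveat means in practice: a client that rewrites the user name inside the payload cannot produce a matching tag, so the cookie is rejected.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical server-side secret for the example; load it from configuration
# or a secrets manager in real code, and never ship it to the client.
SERVER_SECRET = b"constructed-example-secret-do-not-use"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(username: str, ttl_seconds: int = 1800,
                 now: Optional[float] = None, secret: bytes = SERVER_SECRET) -> str:
    """Serialise the session data into a cookie value and append an HMAC-SHA256 tag.

    Layout (constructed for this example): <base64url(json)>.<base64url(tag)>.
    """
    now = time.time() if now is None else now
    data = {"user": username, "exp": int(now + ttl_seconds)}
    payload = _b64url(json.dumps(data, separators=(",", ":")).encode("utf-8"))
    tag = hmac.new(secret, payload.encode("ascii"), hashlib.sha256).digest()
    return f"{payload}.{_b64url(tag)}"


def read_cookie(cookie: str, now: Optional[float] = None,
                secret: bytes = SERVER_SECRET) -> Optional[dict]:
    """Verify the tag first, then parse. None means forged, tampered, malformed or expired."""
    now = time.time() if now is None else now
    try:
        payload, tag_text = cookie.split(".", 1)
        tag = _b64url_decode(tag_text)
        payload_bytes = payload.encode("ascii")
    except ValueError:  # missing separator, bad base64, non-ASCII payload
        return None
    expected = hmac.new(secret, payload_bytes, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak the tag byte by byte via timing.
    if not hmac.compare_digest(tag, expected):
        return None
    # Only now is the payload trusted enough to be parsed.
    try:
        data = json.loads(_b64url_decode(payload))
    except ValueError:
        return None
    exp = data.get("exp") if isinstance(data, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return data


def tamper_user(cookie: str, new_user: str) -> str:
    """What a client without the secret can do: rewrite the payload, keep the old tag."""
    payload, tag_text = cookie.split(".", 1)
    data = json.loads(_b64url_decode(payload))
    data["user"] = new_user
    forged = _b64url(json.dumps(data, separators=(",", ":")).encode("utf-8"))
    return f"{forged}.{tag_text}"


if __name__ == "__main__":
    cookie = issue_cookie("alice", ttl_seconds=60)
    print("valid:", read_cookie(cookie))                         # {'user': 'alice', 'exp': ...}
    print("tampered:", read_cookie(tamper_user(cookie, "admin")))  # None
```

Note what the tag does and does not give you: the payload here is only base64url-encoded, so anyone holding the cookie can read the user name; if the data must also stay confidential, encrypt it with an authenticated mode (or encrypt and then MAC) rather than dropping the MAC in favour of plain encryption. Also, unlike the external store, nothing server-side can be deleted at logout, so the `exp` field is the only thing that ends the session.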

Security Considerations