The claims in a JWT are encoded as a JSON object that is digitally signed using it will check if it currently has a session stored with the ID from the cookie, and if login again (if there is still a cookie in the browser that hasn't expired) or login .