I am working with JWT tokens and cookie-based sessions for user authentication in my web application, but I have some concerns about security.