Authentication woes

Hey there,
I’m building a web app for a personal project to get to grips with Strapi. I’m using Nextjs for the front and Strapi for the back. I’ve hit a bit of a wall with Authentication. A user would login and records relevant to them would be returned from a collection. I’ve spent a few days looking a various options: NextAuth, Supertokens etc. Using a few YouTubes, tutorials and Strapi docs I’ve managed to cobble together a working login using NextAuth.

Along the way I’ve read lots of stuff about JWT/session security concerns so now I’m totally paranoid about what I’ve built because I don’t fully understand how it’s working. As far as I understand I have my JWT stored in a session. I’m going round in circles a bit now so any guidance would be great. I’m tempted to just go the Auth0 route, this would solve my concerns wouldn’t it?