There ary any solutions to do that? By using a jwt the user will be logged out if the token expires but what if the token expires and the user is doing some things? He lost all his data. With a session based login only in a time of inactivity the session expires.
The behaviour is different with the jwt. Deleting the jwt from the httponly cookies is one step but the token still exists.
You can implement your own refresh token logic.
If the jwt is expired you hit a custom endpoint to reauth it.
It expects the old token, and a refresh_token if they are valid you get new tokens back.
IF you want to log the user out, you can delete the cookie and also their validation tokens.