Caching user sessions: JWT vs server-side sessions with Redis
Anna Williams
·1 view
Been wrestling with session management for a while now. We're using JWTs for user sessions, which is great for statelessness and scaling horizontally. The problem comes with revocation. If a user logs out or we need to force a session invalidation (e.g., a security incident), we're stuck building a blacklist on the server side. This kind of defeats the point of a stateless JWT, as we now have a lookup on every request. I'm thinking about moving to server-side sessions stored in Redis. It's more stateful, but it gives us clean, instant revocation. The trade-off is the extra network hop and memory pressure on Redis. For a high-volume app, is a Redis-backed session store generally preferred for its revocation capabilities, even with the added state? Or are there clever ways to make JWT blacklisting less painful at scale?
6 comments
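The two designs the question weighs, side by side, as an added example that is not code from the thread or from any of its posters. It shows the usual way to keep a JWT denylist cheap: short-lived access tokens with a random `jti`, a denylist entry that lives only until that token's `exp` (so memory is bounded by revocations in the last token lifetime, not by every token ever revoked), and a per-user cutoff timestamp so a whole account is revoked with one key write instead of one entry per outstanding token. A server-side session store is included for contrast. Assumptions, none of which come from the post: the token is HS256 signed with the standard library, a dict with lazy expiry stands in for Redis so the file runs offline (the Redis commands each method maps to are named in comments), `SECRET` and `ACCESS_TTL` are constructed placeholders, and all times are passed in explicitly.

```python
"""JWT revocation with a TTL-bounded denylist and per-user cutoffs, beside an
opaque Redis-style session store. Added example; Redis is simulated by dicts."""
import base64
import hashlib
import hmac
import json
import secrets

SECRET = b"constructed-example-key-do-not-reuse"  # assumption: a secret store supplies this in production
ACCESS_TTL = 900  # assumption: 15-minute access tokens, which bounds denylist lifetime


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(sub: str, now: float, key: bytes = SECRET) -> str:
    """Mint an HS256 token carrying a random jti so a single token can be denylisted."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "iat": int(now), "exp": int(now) + ACCESS_TTL,
              "jti": secrets.token_urlsafe(16)}
    body = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_jwt(token: str, now: float, key: bytes = SECRET):
    """Return the claims if the signature checks and the token is unexpired, else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(_unb64url(h)).get("alg") != "HS256":  # reject alg=none and alg confusion
            return None
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(s)):  # constant-time compare
            return None
        claims = json.loads(_unb64url(p))
    except (ValueError, AttributeError):  # bad base64, bad JSON, wrong shape
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


class RevocationStore:
    """Stand-in for Redis. Two key families:
      deny:<jti>   -> SET deny:<jti> 1 EX <seconds until the token's exp>
      cutoff:<sub> -> SET cutoff:<sub> <timestamp>; tokens issued at or before it are dead
    Memory is bounded by tokens revoked within the last ACCESS_TTL seconds, and
    revoking a user costs one write regardless of how many tokens are outstanding."""

    def __init__(self):
        self._deny = {}    # jti -> exp (Redis would expire these keys itself)
        self._cutoff = {}  # sub -> revocation timestamp

    def revoke_token(self, claims: dict) -> None:
        self._deny[claims["jti"]] = claims["exp"]

    def revoke_user(self, sub: str, now: float) -> None:
        # Tokens minted in the same second as the revocation are also rejected,
        # which is the safe direction for a second-granularity iat.
        self._cutoff[sub] = now

    def live_denylist_size(self, now: float) -> int:
        """Emulate Redis TTL expiry: drop entries whose token has already expired."""
        self._deny = {j: e for j, e in self._deny.items() if e > now}
        return len(self._deny)

    def is_revoked(self, claims: dict, now: float) -> bool:
        # Two O(1) reads per request (one MGET against real Redis).
        if self._deny.get(claims["jti"], 0) > now:
            return True
        return claims["iat"] <= self._cutoff.get(claims["sub"], -1)


def authenticate(token: str, store: RevocationStore, now: float):
    """Signature and expiry check, then the revocation lookup the question objects to."""
    claims = verify_jwt(token, now)
    if claims is None or store.is_revoked(claims, now):
        return None
    return claims


class SessionStore:
    """Opaque server-side sessions for comparison: one GET per request, DEL revokes
    instantly, and the cookie value carries no claims for a client to tamper with."""

    def __init__(self):
        self._sessions = {}  # sid -> (sub, exp)

    def create(self, sub: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)                      # 256-bit random id
        self._sessions[sid] = (sub, now + ACCESS_TTL)        # SET sess:<sid> ... EX ACCESS_TTL
        return sid

    def lookup(self, sid: str, now: float):
        rec = self._sessions.get(sid)                        # GET sess:<sid>
        if rec is None or rec[1] <= now:
            self._sessions.pop(sid, None)
            return None
        return rec[0]

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)                        # DEL sess:<sid>
```

The point of `live_denylist_size` is the part that makes the denylist tolerable at scale: because a denylist entry only needs to outlive the token it blocks, the key's TTL equals the token's remaining lifetime and the set never grows beyond the revocations of the last `ACCESS_TTL` seconds. The per-user cutoff covers the incident case (invalidate everything for an account in one write), and the `SessionStore` shows that the opaque-session alternative needs the same single lookup per request but no signature or expiry logic at all.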