Caching user sessions: JWT vs server-side sessions with Redis
Sofia Kim · 92 views
We're currently using JWTs for user sessions, primarily for their stateless nature and ease of scaling. However, we've run into a common issue: revoking tokens. If a user logs out or their account is compromised, we can't immediately invalidate a JWT without maintaining some form of server-side blacklist, which sort of defeats the purpose of being stateless. This blacklisting mechanism effectively becomes a distributed session store anyway.
We're considering switching back to server-side sessions, storing them in Redis. This would allow for clean, immediate revocation of sessions. The main concerns are scaling the Redis cluster for potentially millions of active sessions and the added network latency for every request to validate a session. Are there patterns for combining the benefits of both, or is it generally accepted that for robust session management with instant revocation, a server-side store is almost always necessary? How do you manage session revocation at scale without compromising performance?
9 comments
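One concrete shape of the hybrid pattern the question asks about, added here as an illustration (it is not code from the original post, nor from any particular library): short-lived HS256 JWTs carrying a `jti` and a per-user session generation number, plus a small Redis-backed revocation layer. Logout denylists only that token's `jti`, with a TTL equal to the token's remaining lifetime, so the denylist holds only tokens that could still verify; an account compromise bumps the user's generation counter, which invalidates every outstanding token at once. The signing secret, the claim names `jti`/`gen`, the key prefixes `revoked:`/`sess_gen:`, and the `FakeRedis` class (an in-memory stand-in for the Redis commands SETEX, GET and INCR) are all assumptions of this example; it uses only the Python standard library so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: one HS256 secret shared by the issuing and verifying services.
SECRET = b"demo-only-secret-replace-me"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class FakeRedis:
    """In-memory stand-in for the three Redis commands this pattern needs:
    SETEX (key with TTL), GET and INCR. Swap for redis.Redis() in production."""

    def __init__(self):
        self._kv = {}

    def setex(self, key, ttl_seconds, value):
        self._kv[key] = (str(value), time.time() + ttl_seconds)

    def get(self, key):
        entry = self._kv.get(key)
        if entry is None or entry[1] <= time.time():
            self._kv.pop(key, None)
            return None
        return entry[0]

    def incr(self, key):
        current = int(self.get(key) or 0) + 1
        self._kv[key] = (str(current), float("inf"))  # counters never expire
        return current


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue(store, user_id, ttl=300, now=None):
    """Issue a short-lived token. `jti` lets one token be denylisted; `gen`
    ties it to the user's current session generation for revoke-all."""
    now = int(now if now is not None else time.time())
    gen = int(store.get(f"sess_gen:{user_id}") or 0)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "iat": now, "exp": now + ttl,
              "jti": secrets.token_urlsafe(16), "gen": gen}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{_b64(_sign(header + '.' + payload))}"


def verify(store, token, now=None):
    """Return (claims, None) on success or (None, reason). Signature and alg
    are checked before any attacker-controlled value is used as a store key."""
    now = int(now if now is not None else time.time())
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(_sign(header + "." + payload), _unb64(sig)):
            return None, "bad signature"
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None, "unexpected alg"
        claims = json.loads(_unb64(payload))
        exp, gen = int(claims["exp"]), int(claims["gen"])
        jti, sub = str(claims["jti"]), str(claims["sub"])
    except (ValueError, KeyError, TypeError):
        return None, "malformed"
    if exp <= now:
        return None, "expired"
    if store.get(f"revoked:{jti}") is not None:        # one GET per request
        return None, "revoked"
    if gen != int(store.get(f"sess_gen:{sub}") or 0):   # second GET; pipeline both
        return None, "session generation superseded"
    return claims, None


def logout(store, token, now=None):
    """Revoke only this token: denylist its jti for exactly its remaining
    lifetime, so the denylist never outgrows the set of still-valid tokens."""
    claims, err = verify(store, token, now)
    if err is not None:
        return False
    now = int(now if now is not None else time.time())
    store.setex(f"revoked:{claims['jti']}", max(1, claims["exp"] - now), "1")
    return True


def revoke_all(store, user_id):
    """Account compromise or password change: one INCR invalidates every
    outstanding token for the user, with no per-token bookkeeping."""
    return store.incr(f"sess_gen:{user_id}")


if __name__ == "__main__":
    r = FakeRedis()
    t0 = 1_700_000_000
    tok = issue(r, "alice", now=t0)
    print(verify(r, tok, now=t0 + 10)[1])   # None
    logout(r, tok, now=t0 + 20)
    print(verify(r, tok, now=t0 + 30)[1])   # revoked
```

The trade-off this buys: memory in Redis scales with the number of tokens revoked inside one access-token lifetime plus one small counter per user, not with the number of active sessions, and every key except the counters expires on its own. The cost is still one store round trip per request (two GETs, which a Redis pipeline sends together); if that latency matters, the generation counter can be cached in-process for a few seconds, at the price of a revoke-all taking that long to propagate. The access-token TTL bounds both the denylist size and how stale a cached counter can be, so keep it short and pair it with a refresh token that is itself stored server-side.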