Cookie contains access token (JWT) and refresh token (non-JWT). Right now, we store the refresh token in postgres. We are building out caching functionality using redis and memcached that will then store session data to improve read speeds.
But with JWTs, most session verification calls will not need any network operation anyways. So it's super fast!