I need explanation in express-session and jwt. E.g. I have shopping cart, and to log in and sign in I use jwt but to store chosen products in shopping cart I would like use express- session and connect-mongo Is that correct way? And my question is in sense and proper solution use sessions and jwt in one project? Maybe better would be use jwt to store product e.g. 3 hours.
You could definitely use both express-session and tokens in the same project but I don't see why you would want to in this case because you can do both authentication and store information either of the two. I use JWT tokens mostly when I require authentication process in calling API but when I make simple E-commerce websites, I just use express-session.
About storing products for certain time, you can just expire the session after certain number of hours. Then the products will be released.
So in the end, you could use both if you want but why not just one if it suits your purpose better? bcrypt is just as safe as jwt if not safer.