I am struggle for a stable answer for this question and not getting any. My doubts are
sub
?1) You need to store some user identification in JWT. Usually it makes sense to list her granted rights verified during authentication and something like display name. Definitely do not store password.
2) No, token is not stored in the database. Tokens are short lived and need to be re-issued every few minutes transparently to user.
3) Every time JWT is re-issued it is unique because one of the things encoded in it is the timestamp for when it expires.
4) First token is created during authentication. Then each request validates the token by decoding it using the private key you used to encode it. If the token is expiring soon you issue the new one using the same data + updated expiration timestamp.
5) Log out is now a front end's job. You need to stop sending requests with the token. Perhaps delete the cookie if you are sending JWT as a cookie.
6) This is better than using session because it is stateless. First obvious win is that you no longer need to store session info in database/maintain client ip address affinity if you are running a cluster of multiple web servers.