Does dbAuth use JSON Web Token or database session？

Does dbAuth use JSON Web Token or database session？

It uses an encrypted cookie and each request is validated towards the database, so I would say more towards the database session.
Docs: Authentication - dbAuth - How It Works