Saturday, 9 February 2019

Do I have to store tokens in cookies or localstorage or session?

Sorry, maybe this is a question that many others have asked, but I am really confused because different references show many different ways.

I am using a React SPA, Express, express-session, Passport, and JWT.

So I'm confused about cookies, sessions, and JWT / Passport.

Many websites use cookies to store shopping cart tokens. So far I have stored shopping cart data based on the session ID without adding any cookies.

So when users visit my website, I match them by their req.sessionID and then retrieve data from the database, such as shopping carts and user sessions.

So my question is: do I need to store cookies? I can already access the data I need via req.sessionID.

And the second question:

I have made authentication using passport-google-oauth20. After I successfully log in, the data is saved into the session, and to send it to the client I have to send it via the URL query ?token='sdsaxas'.

In this case I get a lot of differing opinions. Some people save it into localStorage, and some save it into cookies by converting it to a token using JWT.

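    const jwt = require('jsonwebtoken');

    // Sign the payload into a JWT, then pass the token to the client in the redirect URL.
    jwt.sign(
        payload,
        keys.jwt.secretOrPrivateKey,
        {
            expiresIn: keys.jwt.expiresIn // I don't know what this expiry is for: cookies or localStorage?
        },
        (err, token) => {
            // Signing failed: do not redirect with an undefined token.
            if (err) {
                return res.status(500).end();
            }
            res.redirect(keys.origin.url + "?token=" + token);
        });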

So the conclusion is that everything is related to the session, so can I do it all with the sessionID, without cookies or localStorage?

Only by doing a fetch once, or on every page refresh, retrieving the data and then saving it into Redux, because I use a React SPA.



from Do I have to store tokens in cookies or localstorage or session?
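
The expiresIn option in the snippet above, worked through as an added example that is not part of the original post: the lifetime is written into the token itself as the exp claim and checked by the server, while the lifetime of a cookie that carries the token is a separate setting. The function names, the cookie name token, the secret and the timestamp are assumptions made for illustration, and the token is built with Node's crypto module instead of jsonwebtoken so the block runs without dependencies.

```javascript
// Added example: HS256 JWT built with Node's crypto module only.
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// What expiresIn does: issue time + lifetime is stored in the payload as `exp`.
function signToken(payload, secret, expiresInSec, nowSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { ...payload, iat: nowSec, exp: nowSec + expiresInSec };
  const body = b64url(JSON.stringify(claims));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret)}`;
}

// Server-side check: signature first, then `exp`. Returns claims or null.
// The MAC is always HMAC-SHA256 here, whatever the header claims.
function verifyToken(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = Buffer.from(hmac(`${header}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
  const live = claims && typeof claims.exp === 'number' && nowSec < claims.exp;
  return live ? claims : null;
}

// Cookie lifetime (Max-Age) is a separate setting from the token's `exp`.
// HttpOnly keeps the token away from page scripts; nothing goes in the URL.
function tokenCookie(token, maxAgeSec) {
  return `token=${token}; Max-Age=${maxAgeSec}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample values, not taken from the post.
const SECRET = 'constructed-demo-secret';
const ISSUED_AT = 1549670400;
const demoToken = signToken({ sub: 'user-123' }, SECRET, 3600, ISSUED_AT);
console.log(tokenCookie(demoToken, 3600));
console.log(verifyToken(demoToken, SECRET, ISSUED_AT + 60));
console.log(verifyToken(demoToken, SECRET, ISSUED_AT + 7200));
```
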
