Depends on the system. If you use JWTs for authentication only, they still serve a purpose. Sessions also only serve as authentication, not authorization. Authorization is independent of the both systems, and it depends how you implement that.

There are systems where the authorization is done in the JWT too (i.e. scopes/permissions in the token) - in that case you are right.