Sessions are stored on the server in MediaWiki. This means that a user's logged-in status must be stored in a centralized location. By default, MediaWiki stores sessions in the object storage.
When a user logs in, a cookie could be set that contains a JWT. This token would contain a verified claim of the user's logged-in status. The session is then transferred from the client to the server on each request, so the server no longer has to store the user's logged-in state. This makes authorization stateless.
MediaWiki would still be able to use existing features such as "Keep me logged in."
The best way to accomplish this might be to implement a BagOStuff for the JWT (from the header) and perhaps to extend CookieSessionProvider to set the JWT on a cookie.
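
The signed-cookie flow described above can be sketched in plain PHP. This is an added example, not MediaWiki code: the function names, the HS256 choice, the `sub`/`iat`/`exp` claim names and the two lifetimes (standing in for "Keep me logged in") are all assumptions.

```php
<?php
// Added illustration, not MediaWiki code; names and lifetimes are assumptions.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64urlDecode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string)base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}
function issueToken(string $key, int $userId, bool $remember, int $now): string {
    $ttl = $remember ? 30 * 86400 : 3600; // assumed: 30 days vs. 1 hour
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $userId, 'iat' => $now, 'exp' => $now + $ttl]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
function verifyToken(string $key, string $token, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    // Authenticate first, in constant time, before parsing client-supplied JSON.
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    // Pin the algorithm: never let the token's own header pick the verifier.
    $h = json_decode(b64urlDecode($head), true);
    $c = json_decode(b64urlDecode($body), true);
    if (!is_array($h) || ($h['alg'] ?? null) !== 'HS256' || !is_array($c)) {
        return null;
    }
    // No server-side record exists to delete, so expiry must be enforced here.
    if (!is_int($c['exp'] ?? null) || $c['exp'] <= $now) {
        return null;
    }
    return $c;
}
// Constructed demo values.
$key = random_bytes(32);
$now = time();
$short = issueToken($key, 42, false, $now);
$long = issueToken($key, 42, true, $now);
[$head, , $sig] = explode('.', $short);
$forged = "$head." . b64url(json_encode(['sub' => 1, 'exp' => $now + 3600])) . ".$sig";
foreach (['fresh' => [$short, 0], 'short +2h' => [$short, 7200],
          'remembered +2h' => [$long, 7200], 'edited claims' => [$forged, 0]] as $name => [$tok, $dt]) {
    echo $name, ': ', verifyToken($key, $tok, $now + $dt) ? 'accepted' : 'rejected', "\n";
}
```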