stickfigure 2 hours ago
Like most "always do this" or "never do this" articles, this one is dumb. If you are operating at a scale where you can simply store session data in the database and look it up every time, that's a fine way to operate. At some scale this approach becomes a problem, and it's faster/cheaper/simpler to store some limited data on the client (signed). Yes, there are complexities to both approaches. That's fine.