Retrieve logged user data

While setting a session cookie with the information you need (e.g., name, surname, permissions, etc.) is the most efficient approach, it’s not the most secure by default.

I once had the opportunity to view a user being banned, but because sessions weren’t purged from the server, he continued to have administrative rights.

So, I prefer to perform a database query every time instead of storing data in sessions, even if that comes with a trade-off in performance.

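The stale-session problem described in the post above, as an added example that is not part of the original post: a role copied into the session at login is compared with a per-request database lookup after the account is banned. The table layout, function names and sample user are assumptions, and an in-memory SQLite database stands in for the real user store.

```python
import sqlite3

# Constructed sample data: one admin account in an in-memory database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT, banned INTEGER)")
db.execute("INSERT INTO users VALUES (1, 'alice', 'admin', 0)")

def login_cached(user_id):
    """Pattern the post warns about: the role is copied into the session at login."""
    name, role = db.execute(
        "SELECT name, role FROM users WHERE id = ?", (user_id,)).fetchone()
    return {"user_id": user_id, "name": name, "role": role}

def login_minimal(user_id):
    """Session carries only the identifier; everything else is looked up per request."""
    return {"user_id": user_id}

def is_admin_cached(session):
    # Trusts the snapshot taken at login, so it never sees later bans or demotions.
    return session.get("role") == "admin"

def is_admin_fresh(session):
    # One query per request: the current row decides, not the session contents.
    row = db.execute(
        "SELECT role, banned FROM users WHERE id = ?", (session["user_id"],)).fetchone()
    return row is not None and row[1] == 0 and row[0] == "admin"

def ban(user_id):
    db.execute("UPDATE users SET banned = 1, role = 'user' WHERE id = ?", (user_id,))

def demo():
    stale, minimal = login_cached(1), login_minimal(1)
    before = (is_admin_cached(stale), is_admin_fresh(minimal))
    ban(1)  # existing sessions are not purged, as in the incident described
    after = (is_admin_cached(stale), is_admin_fresh(minimal))
    return before, after

if __name__ == "__main__":
    print(demo())
```

The cached check keeps granting admin rights after the ban because nothing invalidates the session, while the per-request check costs one indexed lookup and reflects the ban immediately.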