While it is possible to do so, the information and code provided here does absolutely nothing to prevent replay attacks.
The ability to revoke sessions is nice, and somewhat related, but it's not the same as preventing replay attacks.
Aside from providing visibility into active sessions, the only other reason I can imagine this being better than signed cookies is if you didn't trust your signing algorithm and wanted to prevent someone from changing parts of your session cookie while retaining a valid signature. As far as I know, the signatures used by Rails and Django have not been called into question.
3. Use client-side certificates by using the HTML5 keygen element to have the browser generate the client's public/private key pair, and then have the server sign the client's public key (http://security.stackexchange.com/questions/27961/should-the...).
I really like this. The session holds a lot of information about how your users are using your app. You can get the same information with analytics etc. but having it available in the DOM is really nice.
I've been developing web applications for 15 years and I've lost count of how many times I've built some form of sessions. I learnt some neat tricks from this article (mixing signed cookie sessions for logged out users with database backed sessions for signed in, having a revoked_at field) that I hadn't used before. Definitely worth an up vote.
The ability to revoke sessions is nice, and somewhat related, but it's not the same as preventing replay attacks.
Aside from providing visibility into active sessions, the only other reason I can imagine this being better than signed cookies is if you didn't trust your signing algorithm and wanted to prevent someone from changing parts of your session cookie while retaining a valid signature. As far as I know, the signatures used by Rails and Django have not been called into question.