Can you explain why you believe this to be the case? Let's say you log the user in. Yes, you need consent to store a login cookie, but that doesn't mean you need "a banner and explicit opt-in". You only need explicit opt-in, which you can do by... putting a "remember me" box next to your login form[1]. Is that really so hard?

[1] https://law.stackexchange.com/a/32157