I’m making a webapp which has to maintain some user-specific data, so authentication is needed. My app is not anything mission critical. As this is the case, I thought of removing the whole sign-up/sign-in as it acts as a big barrier for a visitor. Instead the authentication is based solely on cookies. When they access my app, a cookie is set and they are logged in. All their activities are stored in the db against their cookie value. So whenever they visit again from the same browser, they will get their customized pages.
I know that they can’t browse from another device, or if they clear cookies they can’t recover their account. Let’s say these won’t be a problem for me, as there are going to be a handful of initial users. In case they face such trouble accessing, I could give them support.
So is it advisable to have cookie-only authentication? And also, is leaving the cookie unchanged (permanent) fine?
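The scheme described in the question, sketched as an added example (not code from the original post): the cookie carries a random 256-bit token, the database keeps only its hash, and `rotate` swaps the value instead of leaving it permanent. The cookie name, table layout, one-year lifetime and in-memory SQLite database are assumptions for illustration.

```python
import hashlib
import secrets
import sqlite3
from http.cookies import SimpleCookie

COOKIE_NAME = "visitor"        # hypothetical cookie name
MAX_AGE = 365 * 24 * 60 * 60   # assumed one-year lifetime, in seconds

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visitors (id INTEGER PRIMARY KEY AUTOINCREMENT,"
               " token_hash TEXT UNIQUE NOT NULL)")
    return db

def _hash(token):
    # Store only a hash, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def _set_cookie(token):
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["max-age"] = MAX_AGE
    morsel["path"] = "/"
    morsel["secure"] = True      # sent over HTTPS only
    morsel["httponly"] = True    # not readable from page JavaScript
    morsel["samesite"] = "Lax"   # withheld on cross-site subrequests
    return morsel.OutputString()

def identify(db, cookie_header):
    """Return (visitor_id, Set-Cookie value or None) for one request."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE_NAME in jar:
        row = db.execute("SELECT id FROM visitors WHERE token_hash = ?",
                         (_hash(jar[COOKIE_NAME].value),)).fetchone()
        if row:
            return row[0], None
    # Missing or unknown cookie: create a fresh visitor with a 256-bit token.
    token = secrets.token_urlsafe(32)
    cur = db.execute("INSERT INTO visitors (token_hash) VALUES (?)", (_hash(token),))
    return cur.lastrowid, _set_cookie(token)

def rotate(db, visitor_id):
    """Replace a visitor's token; the old cookie value stops working."""
    token = secrets.token_urlsafe(32)
    db.execute("UPDATE visitors SET token_hash = ? WHERE id = ?",
               (_hash(token), visitor_id))
    return _set_cookie(token)
```

An unrecognised cookie value is treated the same as no cookie at all, so a guessed or stale token only ever yields a new, empty visitor record.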