Here is now two different things.
Legally by GDPR/data privacy you don’t need consent for persistent session. It is technical cookie for an user and not used collect personal data. Sure, you have to tell it is there, but it is user’s job to logout everytime if they want avoid remebering. You can still offer it.
And there is this:
That is totally different game and playfield. Here in Nordic every sites that are operating on banking, health care in any way, goverment/local bodies etc. will logout automatically after some time or after inactive period (hopefully that is true world wide) and then persistent ones are impossible. And same is true on sites that are, for their’s reasons, very privacy aware.
If that is true in your case I don’t know any out-of-the-box solutions, but here is a lot pros who may/will know.
But in generally you don’t need consent from an user for that. But there can be special cases when you can’t even offer it.