So why not just make the session last forever the same way, but using a password instead of requiring me to login to my email and click a link? I logged into Facebook the first time and as long as I didn't delete cookies, I could go to Facebook on that device today, tomorrow, next week, next month, next year... And never have to put my password in again.
Not really saying Facebook, but using Facebook as an example. They keep the session alive until you either delete the cookie, or the session from your control panel. Why deal with this email method when you can just keep the session alive forever unless they logout or delete cookies, after they have typed their password in?
This just adds more waste...