GDPR does not require "cookie consents forms" and neither do the EU e-privacy rules. There are clear exemptions for authentication and other technical cookies.
Basically, the form is only required if you're doing something nastier, like tracking.
I've never understood why sites just run with the concept and implement the "permission form" when it really isn't required for good actors.