Strictly necessary cookies do not have to be session cookies. If you read https://gdpr.eu/cookies/ it says they generally will be session cookies, not that they must be. If you think it is appropriate for your users to be already logged in the next time they run their web browser, using a persistent cookie for that is permitted.
Yes, they can become persistent once you get consent or other grounds. You probably get that consent in registration form and "recall" it on login. Otherwise you process data from across sessions, which is a huge red flag.