This is what I usually do too, it works well for projects where user management is minimal and the only way to use the product is visiting the web site.

I mail the user a login link with a tamper free token, clicking the link will give the user a cookie.