This makes me a bit uncomfortable. I am more comfortable with a semantically-meaningless cryptographically random token.

Additionally, this token could be valid for a very long time.

I would probably flag this approach in an assessment.