Every time you use the '--no_cookies' option, you are telling appcfg to never save your credentials, so it's always going to prompt you every time you upload your app.

Running appcfg.py update app.yaml or appcfg.py update <dir_name> just once should be sufficient, since the '--oauth2' option is now the default and currently the only support authentication method.

On a side note, appcfg stores certain files under your user directory (C:\Users\<username> on Windows, or /home/<username> on Linux / Mac) named '.appcfg_*' for its cookies and saved auth tokens. You may need to show hidden files / extensions to see them. Sometimes deleting these files and re-running appcfg can help with auth not working.