I'd like to get some opinions out there from some skillful Rails programmers. Let me ask if a certain scenario is possible. I would like to expose the major portion of my web app, which acts as a workspace, to anyone that accesses it without any form of signup. In the workspace they have the ability to manipulate text fields, etc. and then save them to a database. The fact that they visit and work in the workspace would save a cookie to their computer. That cookie could remember which "user" visited and therefore access their data again. However upon revisiting rather than allow them to continue, force them to sign in.
My question is this: what are the security concerns for a web app to create generic users simply by a person visiting a site rather than signing up?
Thanks much for any input. You all's awesome.