yes,
but that’s automatically handled.
When turning on anonymous access, you have to specify a user role. That user role defines the access rights of the anonymous user.
When a user accesses the application w/o being logged in, then a (temp) user is created, with the anonymous role assigned and a session is started for that user