Thanks Dieter for your help,
You would probably use a long living cookie to identify your users (this approach, of course, does not really identify users but identifies browser installations to a certain degree).
Well, this is the problem: In my particular case, I can't rely on a long-living cookie to identify visitors, because it will often happen that different visitors use the same computer. The only solution I found is to use a session timeout to try to guess when the visitor has changed (plus explicit logout, but I can't rely on it!). If I can't find a better solution, I will probably use CoreSessionTracking with two Data Containers, one for the actual sessions with a timeout, and another one for persistent storage of identified user profiles. I'm surprised that no product offer facilities to carry over from "not logged in" into "logged in" mode. Thanks anyway, Benjamin.