The model you would have to match is how the administrative pages do things. Otherwise your site will be open to hackers adding all the tags they desire. This involves enabling sessions, a "costly" and XSRF tagging and checking of each submission of a tag.
I hope you understand that since I think this an unwise thing I am not really motivated to provide much help.