Hard to tell for sure from description but what you might be seeing is Dynatrace can use persistent cookies on the browser to identify returning users. This known cookie can then be used to identify a user returning to your application even if they don't 'log in.'
So for example you might see anonymous sessions since the user tag identifier wasn't observed in that session (e.g. they didn't log in) but looking at all of their sessions you might see other sessions that were tagged that are tied to the same cookie.
If that does not sound like what you're seeing please post some screen captures. In a single session if you see a user tag event the session should be tagged with that identifier.
Don't be confused as to what you're looking at. When you pick a user tag, you are basically looking at all sessions tied to a given browser cookie. Some sessions may not have user tags for various reasons (like the user never logged in or has not logged in yet, for example). There can even be other users on the same cookie. For example, some other user might have logged in briefly while collaborating with the "owner" of the browser (or it could be something more nefarious - unlikely, but possible). But you can see all the sessions with all the tags, no matter which tag you use to drill down.