Quite a few points there:
- Dynatrace uses the user tag you specify as well as a cookies for session correlation, in the settings for the application there is an option for a persistent cookie (rxVisitor) and sessions get tied to the same user when these match - there is no time limit for these
- https://www.dynatrace.com/support/help/shortlink/cookies#cookie-storage
- If a user opens to windows odds are the same persistent cookie would be present in both of those regardless of if they log in so those could be tied to the same user - it depends if you have that option enabled though
- (and 4) the location mapping is determined based on the IP address that we see for that session which needs to be a public IP address for it to happen automatically (you can do your own mappings of private IP addresses or to override public ones) and even for these public ones not all ranges can be mapped to the region level sometimes it is only country. But the tagging is not relevant here, just the IP address so I would see if those sessions have a different one reported
This looks like the sessions query page - it will be easier to see and make sense of a lot of this behavior if you look directly at some sessions and users - then you can see when 'anonymous' sessions are getting tied to the same user that is sometimes tagged and what the IP addresses are that we see. In sessions query they'll all show up as individual records and you need to try to do that mapping manually.