Try to avoid double-counting in request statistics, when a user logs in. Previously, when a user logs in, the user was counted once as un-authenticated user, and once as authenticated one.
TODO: when this works sufficiently well, the same should be done as well for the 24h statistics.