Ref T4310. This is a small step toward separating out the session code so we can establish sessions for ExternalAccount and not just User.

Also fix an issue with strict MySQL and un-admin / un-disable from web UI.

Logged in, logged out, admined/de-admin'd user, added email address, checked user log for all those events.