Do not match by config ID if trust visitor cookies is used and a user…

… ID is supplied. (matomo-org#14196)
fdellwing · Mar 15, 2019 · da72724 · da72724
1 parent 8edc76e
commit da72724
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/core/Tracker/VisitorRecognizer.php b/core/Tracker/VisitorRecognizer.php
@@ -161,17 +161,17 @@ protected function shouldLookupOneVisitorFieldOnly($isVisitorIdToLookup, Request
     {
         $isForcedUserIdMustMatch = (false !== $request->getForcedUserId());
 
-        if ($isForcedUserIdMustMatch) {
-            // if &iud was set, we must try and match both idvisitor and config_id
-            return false;
-        }
-
         // This setting would be enabled for Intranet websites, to ensure that visitors using all the same computer config, same IP
         // are not counted as 1 visitor. In this case, we want to enforce and trust the visitor ID from the cookie.
-        if ($isVisitorIdToLookup && $this->trustCookiesOnly) {
+        if (($isVisitorIdToLookup || $isForcedUserIdMustMatch) && $this->trustCookiesOnly) {
             return true;
         }
 
+        if ($isForcedUserIdMustMatch) {
+            // if &iud was set, we must try and match both idvisitor and config_id
+            return false;
+        }
+
         // If a &cid= was set, we force to select this visitor (or create a new one)
         $isForcedVisitorIdMustMatch = ($request->getForcedVisitorId() != null);