Fixes #39511.12-b16

1 files changed, 8 insertions, 1 deletions

diff --git a/config/global.ini.php b/config/global.ini.php
index 32e0cb1fbd..e305959044 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -340,6 +340,13 @@ overlay_disable_framed_mode = 0
 ; this is useful when you want to do cross websites analysis
 use_third_party_id_cookie = 0
 
+; There is a feature in the Tracking API that lets you create new visit at any given time, for example if you know that a different user/customer is using
+; the app then you would want to tell Piwik to create a new visit (even though both users are using the same browser/computer).
+; To prevent abuse and easy creation of fake visits, this feature requires admin token_auth by default
+; If you wish to use this feature using the Javascript tracker, you can set the setting new_visit_api_requires_admin=0, and in Javascript write:
+; _paq.push(['appendToTrackingUrl', 'new_visit=1']);
+new_visit_api_requires_admin = 1
+
 ; This setting should only be set to 1 in an intranet setting, where most users have the same configuration (browsers, OS)
 ; and the same IP. If left to 0 in this setting, all visitors will be counted as one single visitor.
 trust_visitors_cookies = 0
@@ -417,7 +424,7 @@ ip_address_mask_length = 1
 tracker_cache_file_ttl = 300
 
 ; DO NOT USE THIS SETTING ON PUBLICLY AVAILABLE PIWIK SERVER
-; !!! Security risk: if set to 0, it would allow anyone to push data to Piwik with custom dates in the past/future and with fake IPs !!!
+; !!! Security risk: if set to 0, it would allow anyone to push data to Piwik with custom dates in the past/future and even with fake IPs!
 ; When using the Tracking API, to override either the datetime and/or the visitor IP, 
 ; token_auth with an "admin" access is required. If you set this setting to 0, the token_auth will not be required anymore.
 ; DO NOT USE THIS SETTING ON PUBLIC PIWIK SERVERS