Do not match by config ID if trust visitor cookies is used and a user ID is supplied. (#14196)

1 files changed, 6 insertions, 6 deletions

diff --git a/core/Tracker/VisitorRecognizer.php b/core/Tracker/VisitorRecognizer.php
index 7e6db6b9b9..249c31af5a 100644
--- a/core/Tracker/VisitorRecognizer.php
+++ b/core/Tracker/VisitorRecognizer.php
@@ -161,17 +161,17 @@ class VisitorRecognizer
     {
         $isForcedUserIdMustMatch = (false !== $request->getForcedUserId());
 
-        if ($isForcedUserIdMustMatch) {
-            // if &iud was set, we must try and match both idvisitor and config_id
-            return false;
-        }
-
         // This setting would be enabled for Intranet websites, to ensure that visitors using all the same computer config, same IP
         // are not counted as 1 visitor. In this case, we want to enforce and trust the visitor ID from the cookie.
-        if ($isVisitorIdToLookup && $this->trustCookiesOnly) {
+        if (($isVisitorIdToLookup || $isForcedUserIdMustMatch) && $this->trustCookiesOnly) {
             return true;
         }
 
+        if ($isForcedUserIdMustMatch) {
+            // if &iud was set, we must try and match both idvisitor and config_id
+            return false;
+        }
+
         // If a &cid= was set, we force to select this visitor (or create a new one)
         $isForcedVisitorIdMustMatch = ($request->getForcedVisitorId() != null);