4 files changed, 50 insertions, 18 deletions

diff --git a/core/Tracker/Action.php b/core/Tracker/Action.php
index aa721a03c5..5fba5a2862 100644
--- a/core/Tracker/Action.php
+++ b/core/Tracker/Action.php
@@ -357,7 +357,9 @@ abstract class Action
         $visitAction['idlink_va'] = $this->idLinkVisitAction;
 
         Common::printDebug("Inserted new action:");
-        Common::printDebug($visitAction);
+        $visitActionDebug = $visitAction;
+        $visitActionDebug['idvisitor'] = bin2hex($visitActionDebug['idvisitor']);
+        Common::printDebug($visitActionDebug);
 
         /**
          * Triggered after successfully persisting a [visit action entity](/guides/persistence-and-the-mysql-backend#visit-actions).
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index 8ded0dc7a2..212abbd0d2 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -551,12 +551,11 @@ class Request
     public function getForcedUserId()
     {
         $userId = $this->getParam('uid');
-
         if (strlen($userId) > 0) {
             return $userId;
         }
 
-        return null;
+        return false;
     }
 
     public function getForcedVisitorId()
@@ -608,8 +607,8 @@ class Request
      * @param $userId
      * @return string
      */
-    private function getUserIdHashed($userId)
+    public function getUserIdHashed($userId)
     {
-        return sha1($userId);
+        return substr( sha1( $userId ), 0, 16);
     }
 }
diff --git a/core/Tracker/Visit.php b/core/Tracker/Visit.php
index 75633d95b6..f01f34bc19 100644
--- a/core/Tracker/Visit.php
+++ b/core/Tracker/Visit.php
@@ -513,11 +513,7 @@ class Visit implements VisitInterface
     {
         $valuesToUpdate = array();
 
-        // Might update the idvisitor when it was forced or overwritten for this visit
-        if (strlen($this->visitorInfo['idvisitor']) == Tracker::LENGTH_BINARY_ID) {
-            $valuesToUpdate['idvisitor'] = $this->visitorInfo['idvisitor'];
-            $visitor->setVisitorColumn('idvisitor', $this->visitorInfo['idvisitor']);
-        }
+        $valuesToUpdate = $this->setIdVisitorForExistingVisit($visitor, $valuesToUpdate);
 
         $dimensions     = $this->getAllVisitDimensions();
         $valuesToUpdate = $this->triggerHookOnDimensions($dimensions, 'onExistingVisit', $visitor, $action, $valuesToUpdate);
@@ -613,4 +609,29 @@ class Visit implements VisitInterface
     {
         return Config::getInstance()->Tracker['visit_standard_length'];
     }
+
+    /**
+     * @param $visitor
+     * @param $valuesToUpdate
+     * @return mixed
+     */
+    private function setIdVisitorForExistingVisit($visitor, $valuesToUpdate)
+    {
+        // Might update the idvisitor when it was forced or overwritten for this visit
+        if (strlen($this->visitorInfo['idvisitor']) == Tracker::LENGTH_BINARY_ID) {
+            $binIdVisitor = $this->visitorInfo['idvisitor'];
+            $visitor->setVisitorColumn('idvisitor', $binIdVisitor);
+            $valuesToUpdate['idvisitor'] = $binIdVisitor;
+        }
+
+        // User ID takes precedence and overwrites idvisitor value
+        $userId = $this->request->getForcedUserId();
+        if ($userId) {
+            $userIdHash   = $this->request->getUserIdHashed($userId);
+            $binIdVisitor = Common::hex2bin($userIdHash);
+            $visitor->setVisitorColumn('idvisitor', $binIdVisitor);
+            $valuesToUpdate['idvisitor'] = $binIdVisitor;
+        }
+        return $valuesToUpdate;
+    }
 }
diff --git a/core/Tracker/Visitor.php b/core/Tracker/Visitor.php
index a73361e014..ec5dd6d279 100644
--- a/core/Tracker/Visitor.php
+++ b/core/Tracker/Visitor.php
@@ -118,7 +118,8 @@ class Visitor
         // We use a UNION here so that each sql query uses its own INDEX
         else {
             // will use INDEX index_idsite_config_datetime (idsite, config_id, visit_last_action_time)
-            $where = ' AND config_id = ?';
+            $where = ' AND config_id = ?
+                       AND user_id IS NULL ';
             $bindSql[] = $configId;
             $sqlConfigId = "$select ,
                 0 as priority
@@ -226,22 +227,31 @@ class Visitor
 
     protected function shouldLookupOneVisitorFieldOnly($isVisitorIdToLookup)
     {
+        $isForcedUserIdMustMatch = (false !== $this->request->getForcedUserId());
+        if($isForcedUserIdMustMatch) {
+            // if &iud was set, we must try and match both idvisitor and config_id
+            return false;
+        }
+
         // This setting would be enabled for Intranet websites, to ensure that visitors using all the same computer config, same IP
         // are not counted as 1 visitor. In this case, we want to enforce and trust the visitor ID from the cookie.
         $trustCookiesOnly = Config::getInstance()->Tracker['trust_visitors_cookies'];
+        if($isVisitorIdToLookup && $trustCookiesOnly) {
+            return true;
+        }
 
         // If a &cid= was set, we force to select this visitor (or create a new one)
         $isForcedVisitorIdMustMatch = ($this->request->getForcedVisitorId() != null);
 
-        // if &iud was set, we force to select this visitor (or create new one)
-        $isForcedUserIdMustMatch = ($this->request->getForcedUserId() !== null);
+        if($isForcedVisitorIdMustMatch) {
+            return true;
+        }
 
-        $shouldMatchOneFieldOnly = (($isVisitorIdToLookup && $trustCookiesOnly)
-            || $isForcedVisitorIdMustMatch
-            || $isForcedUserIdMustMatch
-            || !$isVisitorIdToLookup);
+        if( !$isVisitorIdToLookup ) {
+            return true;
+        }
 
-        return $shouldMatchOneFieldOnly;
+        return false;
     }
 
     /**