@diosmosis the solution in this case is likely similar to #17587 to send the correct force_api_session=1 request in GA. It basically wasn't really supposed to work before. Or alternatively remove the token_auth from the request. Can you point me to the code maybe in GA Importer where the problem is?

Generally we'd want to have this check not just for API, but also widgets and because any action can be embedded using token we kind of have to keep this new behaviour for things to work correctly as expected and it might be better to fix the code in the plugins etc. Be good to let me know though where this happens

Just seeing the code in https://github.com/matomo-org/plugin-GoogleAnalyticsImporter/blob/4.x-dev/angularjs/import-scheduler/import-scheduler.controller.js#L57 . I think in that case we shouldn't set the token hard coded but use the method withTokenInUrl in the API angular service which then will behave correct automatically

Looked through the code and think the only other place that also needs updating is https://github.com/matomo-org/matomo/blob/4.3.0/plugins/UserCountryMap/javascripts/visitor-map.js#L1189

I'd prefer fixing the code as @tsteur suggested. This way will have a clear way of how it should and how it works.

I just tested and visitor-map is already doing it correctly. @diosmosis I think you updated the GA importer so we can close this issue? Let me know if that's not the case and I will reopen.