In order to set a custom visitor Id, the parameter cid is used in PiwikTracker.php (see [https://github.com/piwik/piwik/blob/ce63a9fbc4727df77a351fc55a641693d10a4f5c/libs/PiwikTracker/PiwikTracker.php#L1047]). However, it cannot be used to distinguish Visitors as distinct.
Steps to reproduce:
The visitor is known (idvisitor = fbface7fb484cf60, config_id = 6da98b12e33904b4, idvisit = 1270,
(Complete output attached)
cid is not documented in the FAQ [http://piwik.org/docs/tracking-api/reference/].
May be related: #3312
Attachment: Visitor Log: Only one visit (instead of several), wrong visitor id
Using Piwik 1.10.1 . API key is admin user of idsite(2).
Oh, sorry: auth_token should be token_auth, of course. Attached a new version of the output, as the problem remains:
Matching visitors with: visitorId=1234567890123456 OR configId=6da98b12e33904b4<br /> The visitor is known (idvisitor = bb0ccf88648b5ee2, ...
In case of a forced (vs. indicated via _id) visitorId it should only match by visitorId.
I've sent a pull request on github: https://github.com/piwik/piwik/pull/35 - which fixed the issue for me.
Thanks for the report, very nice find. I agree with your proposal, that when a user has called $tracker->setVisitorId( ) and has authenticated with token_auth, then the visitor ID should be enforced.
Adding integration test to test this code.
I also updated tracking api reference to explain "cid" parameter.
cid (requires token_auth to be set) defines the visitor ID for this request. You must set this value to exactly a 16 character hexadecimal string (containing only characters 01234567890abcdefABCDEF). When specified, the Visitor ID will be enforced. This means that if there is no recent visit with this visitor ID, a new one will be created. If a visit is found in the last 30 minutes with your specified Visitor Id, then the new action will be recorded to this existing visit.