Bug: Inverted logic in pop_transaction_id() causes cart session corruption

[reneaye]

Bug Description

There's an inverted conditional in pop_transaction_id() at line 224 that prevents transactions from being properly removed from the queue, causing cart session mixing/corruption under concurrent requests.

Location

File: includes/utils/class-session-transaction-manager.php
Line: 224

The Bug

// Bail if not the expected mutation.
if ( str_starts_with( $this->transaction_id, "wooSession_{$mutation}_" ) ) {
    return;
}

The comment says "Bail if not the expected mutation" but the code bails when it IS the expected mutation. Missing ! operator.

Expected

if ( ! str_starts_with( $this->transaction_id, "wooSession_{$mutation}_" ) ) {
    return;
}

Impact

• Transactions are never popped from the queue
• Old cart snapshots accumulate in the transaction queue
• Under concurrent requests, cart state becomes corrupted (products disappear, wrong products appear)

Reproduction

1. Start with empty cart
2. Send 3 parallel addToCart mutations with same session token
3. All 3 report success with itemCount: 1
4. Final cart check shows only 1 item (2 products silently lost)

Why It's Intermittent

The graphql_mutation_response hook fires for ALL mutations. When secondary mutations exist, the transaction may accidentally get popped (for the wrong reason). The bug manifests when only the primary cart mutation fires.

Environment

• wp-graphql-woocommerce: 0.19.0 (also verified in 0.21.2 and develop branch)
• WordPress: 6.x
• WooCommerce: 9.x
• PHP: 8.x

Suggested Fix

One-character change - add ! to line 224.