Add-cart.php Num

Because the cart is tied to the session ID (usually stored in a cookie), an attacker can force a victim to use a known session ID (session fixation). If add-cart.php doesn’t regenerate session IDs after login, the attacker can later load cart.php with that same session ID and see exactly what the victim added.

header('Location: cart.php'); exit;

) can crash the calculation logic or cause the price to wrap around to zero.

Decimal Injection

// 4. Update cart session
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = [];
}