Description
I have been going back and forth with the Zoom team on the security review for my app (App Marketplace). I don’t want to resubmit and then get a short, unclear answer, so I am asking the experts here about the next steps I should take before resubmission. Please check the screenshot below:
In text, here is the response from Zoom team:
“Hi! Upon checking, the session did not expire immediately after logout. The CSRF token is issued per session, which is acceptable. After logging out and logging back in, a new session and corresponding CSRF token are properly generated.”
I don’t understand this. The session does expire immediately after logout. You can’t navigate to internal parts of the app anymore. And regarding the last sentence: if CSRF tokens are properly generated, then why is the app rejected instead of being accepted?
Please help me understand the response. Thanks in advance for your time!
