1 / 5
Fill in: 'We ___ every active session token the moment a user changes their password.'
-
-
-
-
We 'invalidate a token' — the standard, established collocation for revoking an active session. The other options aren't the recognised term here.
2 / 5
Fill in: 'A stateless token design can ___ instant revocation, since the server never checks a session store.'
-
-
-
-
We say stateless design will 'prevent' revocation — the standard collocation for a design limitation. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ a short-lived access token alongside a longer-lived refresh token to limit exposure.'
-
-
-
-
We 'issue a token' — the standard, established collocation for handing one out to a client. The other options aren't the recognised term here.
4 / 5
Fill in: 'We ___ a deny-list of revoked tokens so a stolen one stops working immediately, not at natural expiry.'
-
-
-
-
We 'maintain a deny-list' — the standard collocation for keeping an ongoing record of revoked items. The other options are less idiomatic here.
5 / 5
Fill in: 'We ___ every session on a device the user reports as lost or stolen.'
-
-
-
-
We 'terminate a session' — the standard, established collocation for ending it forcibly. The other options aren't the recognised term here.