Since a SSO "token" is a "master key" to get access to multiple systems$/$applications with a "single" login$,$ it is extremely important to protect this master key from theft, spoofing or forgery. What are typical ways to protect the SSO token from various threats?

Select the correct option$($s$)$ and click submit.

Invalidate the SSO token on server side for subsequent use after the user logs off from any of the SSO enabled applications$/$systems i$.$e$.$ after Single Sign$-$Off.

If the SSO token is being exchanged using a HTTP cookie, set the "HttpOnly" attribute of the cookie to prevent cookie access via client side javascript.

Define a server$-$side "timeout" for SSO token. The token should be invalid for use afr the timeout period.

Digitally sign the SSO token to protect against man$-$in$-$the$-$middle manipulations and also encrypt the token with a time variant encryption key$/$algorithm$.$ Exchange the token over SSL$.$

Implement a "source IP check" i$.$e$.$ The source IP of the end client device which was used to provide the user credentials to generate the SSO token for the first time, should match the source IP of the end client device for all subsequent requests containing the same SSO token.

All the above