Bug ID 1583381: "Insert Secure Attribute" must be enabled and "Insert SameSite Attribute" must be set to "Lax" for pure wildcard cookie in all templates by default

Last Modified: May 05, 2026

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5

Fixed In:
17.5.1.6, 17.1.3.2

Opened: May 02, 2024

Severity: 3-Major

Symptoms

The pure wildcard cookie configuration "Insert Secure Attribute" is disabled and "Insert SameSite Attribute" is not set to "Lax".

Impact

The configuration is incorrect.

Conditions

Creating the policy using the policy templates.

Workaround

Configure it manually: Enable "Insert Secure Attribute" and set "Insert SameSite Attribute" to "Lax".

Fix Information

Fixed the templates and now BIG-IP has the correct configuration for the pure wildcard cookie.

Behavior Change

The wildcard cookie will now have "Insert Secure Attribute" enabled and "Insert SameSite Attribute" set to "Lax" for all factory templates.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips