Bug ID 1583381: "Insert Secure Attribute" must be enabled and "Insert SameSite Attribute" must be set to "Lax" for pure wildcard cookie in all templates by default

Last Modified: Feb 03, 2026

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4

Opened: May 02, 2024

Severity: 3-Major

Symptoms

The pure wildcard cookie configuration "Insert Secure Attribute" is disabled and "Insert SameSite Attribute" is not set to "Lax".

Impact

The configuration is incorrect.

Conditions

Creating the policy using the policy templates.

Workaround

Configure it manually: Enable "Insert Secure Attribute" and set "Insert SameSite Attribute" to "Lax".

Fix Information

None

Behavior Change

The wildcard cookie will now have "Insert Secure Attribute" enabled and "Insert SameSite Attribute" set to "Lax" for all factory templates.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips