I am trying to make the ASM TS cookies Httponly and Secure HOWEVER I am not confident in setting those to Secure globally from the command line, because not all of my sites are secure. I am assuming that this would then break ASM functionality due to the client not sending the cookie back to the server if not using https.
So is there any way to set Secure on these cookies either per virtual server or per ASM policy. Regular iRules to modify cookies do not seem to modify the TS cookies.
Nevermind, the flags only turn on the Secure attribute then the traffic is HTTPS.
Looks like you have found the answer yourself, inedeed the secure attribute will only apply to HTTPS: https://support.f5.com/csp/article/K13787
You should change the database value with the following command from CLI. It is a global variable.
f5bigip# /usr/share/ts/bin/add_del_internal add cookie_secure_attr 1