I don't see a Mojolicious 9.30, but the Changes file mentions:
Swiched from HMAC-SHA1 to HMAC-SHA256 for signed cookies. Note that this means that all sessions will be reset.
To me, this means this is expected behaviour. I don't know if/how you can migrate the signed cookies from the old version to the new version automatically. I guess you would need to have two code paths. One that receives and validates the HMAC-SHA256 cookies, and one that gets taken when the SHA256 validation fails (maybe copied from the old Mojolicious distribution), that validates against the old HMAC-SHA1, and does an upgrade.