3 files changed, 30 insertions, 1 deletions

diff --git a/django/conf/__init__.py b/django/conf/__init__.py
index 5bf4cf13ae..d462f82acf 100644
--- a/django/conf/__init__.py
+++ b/django/conf/__init__.py
@@ -26,6 +26,12 @@ DEFAULT_STORAGE_ALIAS = "default"
 STATICFILES_STORAGE_ALIAS = "staticfiles"
 
 # RemovedInDjango70Warning.
+SIGNED_COOKIE_LEGACY_SALT_DEPRECATED_MSG = (
+    "The SIGNED_COOKIE_LEGACY_SALT_FALLBACK transitional setting is "
+    "deprecated. Remove it from your settings once legacy signed cookies "
+    "have expired. They will not be accepted in Django 7.0."
+)
+# RemovedInDjango70Warning.
 USE_BLANK_CHOICE_DASH_DEPRECATED_MSG = (
     "The USE_BLANK_CHOICE_DASH setting is deprecated. If you wish to define "
     "your own default blank choice label, override "
@@ -149,6 +155,12 @@ class LazySettings(LazyObject):
             self.__dict__.pop(name, None)
 
         # RemovedInDjango70Warning.
+        if name == "SIGNED_COOKIE_LEGACY_SALT_FALLBACK":
+            _show_settings_deprecation_warning(
+                SIGNED_COOKIE_LEGACY_SALT_DEPRECATED_MSG,
+                RemovedInDjango70Warning,
+            )
+        # RemovedInDjango70Warning.
         if name == "USE_BLANK_CHOICE_DASH":
             _show_settings_deprecation_warning(
                 USE_BLANK_CHOICE_DASH_DEPRECATED_MSG, RemovedInDjango70Warning
@@ -260,6 +272,13 @@ class Settings:
                 self._explicit_settings.add(setting)
 
         # RemovedInDjango70Warning.
+        if "SIGNED_COOKIE_LEGACY_SALT_FALLBACK" in self._explicit_settings:
+            warnings.warn(
+                SIGNED_COOKIE_LEGACY_SALT_DEPRECATED_MSG,
+                RemovedInDjango70Warning,
+                skip_file_prefixes=django_file_prefixes(),
+            )
+        # RemovedInDjango70Warning.
         if "USE_BLANK_CHOICE_DASH" in self._explicit_settings:
             warnings.warn(
                 USE_BLANK_CHOICE_DASH_DEPRECATED_MSG,
@@ -319,6 +338,13 @@ class UserSettingsHolder:
 
     def __setattr__(self, name, value):
         self._deleted.discard(name)
+        # RemovedInDjango70Warning.
+        if name == "SIGNED_COOKIE_LEGACY_SALT_FALLBACK":
+            _show_settings_deprecation_warning(
+                SIGNED_COOKIE_LEGACY_SALT_DEPRECATED_MSG,
+                RemovedInDjango70Warning,
+            )
+        # RemovedInDjango70Warning.
         if name == "USE_BLANK_CHOICE_DASH":
             _show_settings_deprecation_warning(
                 USE_BLANK_CHOICE_DASH_DEPRECATED_MSG, RemovedInDjango70Warning
diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index 12d76b05bb..a00c5c3922 100644
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -561,7 +561,7 @@ AUTH_PASSWORD_VALIDATORS = []
 # SIGNING #
 ###########
 
-SIGNED_COOKIE_LEGACY_SALT_FALLBACK = True
+SIGNED_COOKIE_LEGACY_SALT_FALLBACK = False
 SIGNING_BACKEND = "django.core.signing.TimestampSigner"
 
 ########
diff --git a/django/core/signing.py b/django/core/signing.py
index 33f51d16aa..56b2c35a02 100644
--- a/django/core/signing.py
+++ b/django/core/signing.py
@@ -124,12 +124,15 @@ def _cookie_signer_salt(cookie_name, salt=""):
     return f"django.http.cookies.v2:{len(salt)}:{salt}{cookie_name}"
 
 
+# RemovedInDjango70Warning: When the deprecation ends, remove.
 def _cookie_signer_legacy_salt(cookie_name, salt=""):
     return cookie_name + salt
 
 
 def _unsign_cookie(signed_value, *, cookie_name, salt="", max_age=None):
     try:
+        # RemovedInDjango70Warning: When the deprecation ends, replace the
+        # whole function body with this single return statement.
         return get_cookie_signer(salt=_cookie_signer_salt(cookie_name, salt)).unsign(
             signed_value, max_age=max_age
         )