I've found SignalR.Owin incorrectly interprets cookies:https://github.com/SignalR/SignalR/blob/master/src/Microsoft.AspNet.SignalR.Owin/ServerRequest.cs#L117
It uses the same code as URL parser which is not correct and causes many problems especially when SessionID contains plus (+) sign.
According to RFC 2109 value has to be:
(... a sequence of non-special, non-white space characters) from the HTTP/1.1 specification [RFC 2068] to describe their syntax.
The quick fix could be modifying that code so it suppresses "+" replacing:
Another issue with the current code that cookie value could be "quoted" then it wouldn't be correctly handled either.
I believe this is fixed in the latest dev.
We're using Microsoft.Owin in the dev branch which fixes this issue. We're currently not planning to release another 1.1.x at the moment, but if we do we'll see what we can do about this fix.