HttpOnly on session cookie (e.g. x-gsf-session) breaks logout

Client has to read session cookie value in order to pass it back to the server in a SignalR request during the logout process. This could be fixed if we switch to a web API call through AJAX or somehow modify SignalR to transmit cookies with every request.