AntiForgery.GetTokens
will try to reuse the old cookie token for validation purposes. So if you already have a validation token you want to reuse, it will attempt to use it instead of generating a new one. If the old token is invalid, it will generate a new one and use it instead.
So passing null
to oldCookieToken
is valid. It simply tells GetTokens
to always generate a new cookie token.