AntiForgery.GetTokens: what is the purpose of the oldCookieToken parameter?

Question

We\'re writing an iOS mobile app in objective-c that makes posts to our ASP.NET MVC server app. On iPhone, the HTTP stack (and cookies etc) appear to be shared with Safari. This

Answer 1

AntiForgery.GetTokens will try to reuse the old cookie token for validation purposes. So if you already have a validation token you want to reuse, it will attempt to use it instead of generating a new one. If the old token is invalid, it will generate a new one and use it instead.

So passing null to oldCookieToken is valid. It simply tells GetTokens to always generate a new cookie token.