Just reading an article, Preventing Cross-Site Request Forgery (CSRF) Attacks in ASP.NET Web API, from this URL: http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks
Just see this code:
<script>
    @functions{
        public string TokenHeaderValue()
        {
            string cookieToken, formToken;
            AntiForgery.GetTokens(null, out cookieToken, out formToken);
            return cookieToken + ":" + formToken;
        }
    }

    $.ajax("api/values", {
        type: "post",
        contentType: "application/json",
        data: { }, // JSON data goes here
        dataType: "json",
        headers: {
            'RequestVerificationToken': '@TokenHeaderValue()'
        }
    });
</script>
Why are two tokens required, cookieToken and formToken?
How long does this kind of token (return cookieToken + ":" + formToken;) remain valid?
Looking for suggestions. Thanks.