You say that the value you are comparing to is Request.Cookies("AutoLoginHash"), this is the 'and' part of your if statement. I was referring to the value that is being compared in the auth rule. Are you checking the same value in the rule? If so how is it setup and why are you trying to check it in both places?
When you say that you can make this check with two cookies and do not have the problem do you mean that you would have another 'and' condition in the if statement that is checking the value of another cookie? Also when you are using two cookies are both not existing when you check on them?
Sorry for all of the questions, I'm just trying to understand this the best I can so that I can reproduce exactly what you are experiencing to determine if there is something that can be updated to get past this issue. From what I have read here in this thread I'm wondering if a simple check for null on the cookie first could prevent this error from occurring.