My understanding is that depends on where the cookie is set, auth.acme.com could set a cookie on auth.acme.com in which case it would not be 1st party on app.acme.com but if it was set set it on the root domain acme.com then it would be accessible on all subdomains of acme.com including app.acme.com.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
My understanding is that depends on where the cookie is set,
auth.acme.comcould set a cookie onauth.acme.comin which case it would not be 1st party onapp.acme.combut if it was set set it on the root domainacme.comthen it would be accessible on all subdomains ofacme.comincludingapp.acme.com.