My understanding is that depends on where the cookie is set, auth.acme.com could set a cookie on auth.acme.com in which case it would not be 1st party on app.acme.com but if it was set set it on the root domain acme.com then it would be accessible on all subdomains of acme.com including app.acme.com.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
My understanding is that depends on where the cookie is set,
auth.acme.com
could set a cookie onauth.acme.com
in which case it would not be 1st party onapp.acme.com
but if it was set set it on the root domainacme.com
then it would be accessible on all subdomains ofacme.com
includingapp.acme.com
.