Having said that, it is easy enough to do it the other way round.
the structure would be:
$username = get_username_from_other_app_cookie();
$user = get_user_by_username($username);
Ok, but where would you put that code? It doesn't seem to work doing that into engine/lib/sessions.php->authenticate
You would put it in a plugin.
Never alter core code.