Python - session.pop() does not clear cookies


I am new to the Flask framework and am playing around with it to learn it better. I am following this tutorial along the way.

As per the user authentication tutorial in the series, I am stuck on the below:

In the tutorial, when the user logs out by hitting the /logout route, the first thing that happens is:

    session.pop('logged_in', None)

Now, as per the video mentioned above, the moment the user hits the /logout route, the cookie gets deleted from the browser.

Now I have 2 questions here:

  1. In my case, with the exact same setup as the tutorial, although the session might be getting invalidated at the server end, the cookie is not deleted/changed in any way in the browser after the /logout route is hit. Is there something wrong that I am doing?
  2. session.pop(...) => how/why will it delete something from the front end, the browser? It can only control things on the server, isn't it?

For reference, below is my code (taken from the tutorial itself):

    # import the Flask class from the flask module
    from flask import Flask, render_template, redirect, url_for, request, session, flash

    # create the application object
    app = Flask(__name__)

    app.secret_key = 'my precious'


    # use decorators to link the function to a url
    @app.route('/')
    def home():
        return "hello, world!"  # return a string
        #return render_template(index.html)


    @app.route('/welcome')
    def welcome():
        return render_template('welcome.html')  # render a template


    # route for handling the login page logic
    @app.route('/login', methods=['GET', 'POST'])
    def login():
        error = None
        if request.method == 'POST':
            if request.form['username'] != 'admin' or request.form['password'] != 'admin':
                error = 'invalid credentials. please try again.'
            else:
                session['logged_in'] = True
                flash('you logged in')
                return redirect(url_for('home'))
        return render_template('login.html', error=error)


    @app.route('/logout')
    def logout():
        session.pop('logged_in', None)
        flash('you logged out')
        return redirect(url_for('welcome'))


    # start the server with the 'run()' method
    if __name__ == '__main__':
        app.run(debug=True)

  1. First of all, session and cookie are not the same. A session is more like a unique ID posted to your browser, and a key to a dictionary on the backend. Most of the time, when you change the session (not the session ID), you modify the backend part (add or delete values in the backend dictionary by that key), not the browser's cookie.
  2. You understood it correctly. When you pop "logged_in" from the session, the server will remember that this browser is not logged_in any more.

So the cookie is used here to identify the client browser. That is it.
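
An added example (not from the question, the answer, or the tutorial) that uses Flask's test client to show what the default cookie-backed session sends in `Set-Cookie` after `session.pop()`, and whether a cookie saved before logout is still accepted afterwards. It assumes Flask's default session interface; the secret key and the `/logout_flash` and `/whoami` routes are constructed for the demo.

```python
from flask import Flask, flash, session

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # constructed value, demo only


@app.route("/login")
def login():
    session["logged_in"] = True
    return "in"


@app.route("/logout")
def logout():
    session.pop("logged_in", None)  # session is now empty
    return "out"


@app.route("/logout_flash")  # hypothetical route: same shape as the tutorial's logout
def logout_flash():
    session.pop("logged_in", None)
    flash("you logged out")  # stores '_flashes', so the session is not empty
    return "out"


@app.route("/whoami")  # hypothetical route used only to read the session back
def whoami():
    return "logged in" if session.get("logged_in") else "anonymous"


def set_cookie_after(logout_path):
    """Log in, request logout_path, return both Set-Cookie headers."""
    client = app.test_client()
    login_hdr = client.get("/login").headers.get("Set-Cookie", "")
    logout_hdr = client.get(logout_path).headers.get("Set-Cookie", "")
    return login_hdr, logout_hdr


def old_cookie_still_accepted():
    """After logout, present the pre-logout cookie from a client with no jar."""
    login_hdr, _ = set_cookie_after("/logout")
    cookie_pair = login_hdr.split(";", 1)[0]  # 'session=<signed payload>'
    fresh = app.test_client(use_cookies=False)
    resp = fresh.get("/whoami", headers={"Cookie": cookie_pair})
    return resp.get_data(as_text=True) == "logged in"
```

With a logout that calls `flash()` after `pop()`, as the tutorial's does, the response rewrites the session cookie with a new value instead of expiring it. Because the signed cookie carries the session data itself, a copy saved before logout is still honoured until it expires or the secret key changes, so logout that must revoke access needs server-side session state.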

