If you look into the Firefox or Chrome inspector tools, cookies will still be shown, this is normal and can't be prevented removing cookies only on the client side.
To verify that cookies are blocked, always rely on the test done in the native browser console using the command 'document.cookie'. As an alternative use the 'Website audit' tool included in the GDPR component that is fully reliable in the same way as the browser itself.
Obviously if you use a cookie audit tool it will continue to see that cookie even if blocked server side. The Joomla session cookie by the way is a strictly technical cookie that would not even need to be blocked to comply with the law.
If you want to enforce the cookie block involving also third-party cookies and blocking all local cookies also server side you can enable the following settings as well. If local cookies are blocked server side, no cookies will be sent by the server so that the browser will no longer report any cookie in the cookie tab.
If you choose to block also third-party cookies, you must manage the list of domains to match all domains used on your website that generate cookies and that you want to be blocked.