In certain situations you may want to change the session path used for a website. This is useful on shared hosting because if you're using the /tmp folder then chances are that everyone else will be too which likely means that everyone else can read or delete your sessions.
Instead of using the temp folder you can use a folder inside your own website which allows you to keep an eye on the sessions as well as making snooping on your files by other people much harder. It also means that your sessions won't be lost if the server does a periodic clean-up of it's temp folder.
Setting the PHP Session Path Per Site
There are two easy ways to set the session file save path for your website without needing access to the server's own configuration files. You can either set the session path via a .htaccess file by using a line like the following:
PHP doesn't need to be restarted when changing the session path this way which is also another benefit of this method.
Setting the PHP Session Path Globally
If you have access to your server's PHP ini file then you can set the session path globally there (although I don't recommended changing it from the default because by default it uses the servers temp folder which will almost always work for all websites without any additional fiddling).
On Linux you'll normally find the php.ini file in /etc/php.ini or /etc/php/apache/php.ini or some variation there of.
On Windows the php.ini file can be in quite a few locations but it will most likely be somewhere around C:\Program Files\Zend\ZendPlatform\etc\php.ini or possible C:\Windows\ (or winnt, win, etc).
You may need to add version numbers to the above examples, i.e. apache2 rather than apache and ZendPlatform-2.2.0 instead of just ZendPlatform. I've excluded these from the example paths due to versions always changing, but it should give you a good idea of where you'll find them.
Once inside the php.ini file, you need to change the session path. The original line will look something like this:
session.save_path = "/tmp"
Once you've changed the value and saved the file, you will need to restart your web service (Apache, IIS, etc) for the changes to take effect.