To use a .htaccess file, you create a file in the folder of (say) /home/custno1/www called .htaccess (there should already be one there) and put the following line in to it
php_value session.save_path /path/to/local/tmp/folder
and as DaveBaldwin says you would need to protect that folder if it is in your webspace by creating another .htaccess file in it (work on a one-per-folder basis) which contains one line
Deny from all
to protect the temp folder. You can do this in the virtualhost conf file as well, which I prefer to .htaccess myself (my syntax may be a bit iffy here...)
php_value session.save_path /path/to/local/tmp/folder
<Directory "/path/to/local/tmp/folder">
Order Deny,Allow
Deny from all
</Directory>
You cannot do "Deny" directives in PHP as they are Apache directives, but to change the session path do this
ini_set("session.save_path", "path/to/local/tmp/folder");
very early in your PHP before you start the sessions.
Of all these methods I would go for doing the virtualhost method as it centralises everything. Failing that I would go for the .htaccess files.
