You can alter it by using the session_save_path() function although whether you'd actually want to bother is another matter. Kindof depends how secure the session info needs to be. On safety - if it's a shared server then it is a little safer to do this than rely on the /tmp dircectory although personally I'd make sure it's just under the /public_html (or similar) directory so that it's not readable by anyone browsing with a web browser. Eg: /home/username/session_ids/ instead of /home/username/public_html/session_ids/ Trev