My environment is PHP 4.40 with IIS 5.1 on Windows XP. First, I created new directory and named it sessionsave at C:\php\sessionsave. After that, I changed this directory permission to enable the IUSR_machinename to have full control over it.
Note: If you cannot find Security tab in your Windows XP system. You can enable it by go to the Tools -> Folder Options ... -> View -> remove the tick in front of "Use simple file sharing". Windows Server family enable this by default.
Finally, I edited my php.ini file. Back to the setup, Joomla can now write to the session save path.
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
; As of PHP 4.0.1, you can define the path as:
session.save_path = "C:\php\sessionsave\"