By default, all session information is written to the temp directory. If you use virtual hosting, someone besides you can write a script and read the session data. So beware of storing passwords or credit card numbers in sessions.
If you still need to store such data in a session, then encryption is the best measure. This does not completely solve the problem, since the encrypted data is not 100% secure, but the stored information will be unreadable. You should also consider storing the session data in a different location, such as a database. PHP has a special method that allows you to store session data in your own way.
Protection methods works in PHP versions starting from PHP 5.4. Check with your administrator the PHP version before ordering the service. If your site uses other technologies, such as Python or Ruby, that this service is not suitable for your site.