Thanks for the answer. I have a slight suspicion it's not an answer to what I was asking (I didn't want the admin to be able to change the settings, but the script itself to be able to change the settings by ini_set), but nevertheless it worked.
So just for record if someone else searches for the solution of same problem:
- ISPconfig creates Apache conf file for each website and in this conf file it places php_admin_value to set php config values of open_basedir, session.save_path and several others
- due use of php_admin_value Apache directive, the user is unable to change these settings in .htaccess or runtime (using ini_set), he must ask admin to change it (which means for example that runtime decision in the script is impossible)
- you cannot stop ISPconfig from generating conf files this way, however you can add new Apache directive (in ISPconfig Sites section, on a site's Options tab) "php_value session.save_path xxx" (where xxx is the same value as ISPconfig has created)
- at this point you have a conf file for this website containing
php_admin_value session.save_path xxx
php_value session.save_path xxx
- now php_value takes precedence over php_admin_value and effectively removes the limits imposed by php_admin_value - and you can set session.save_path by ini_set in your php scripts.
Please note that even though this seems to work (on PHP 5.3.2), I haven't found any documentation about it so this might be changed in next version or even considered a bug (which wouldn't surprise me, as having "weaker" directive php_value to take precedence over "stronger" directive php_admin_value looks a bit strange to me).