PHP appears to have session files in two different locations?

Solution 1:

Is this normal?

Yes.

This is documented in the configuration file. Each user must have a different location to avoid access issues.

So the path is configured in each SAPI file

Default to /tmp (for CLI users)

See these comments in your php.ini:

; RPM note : session directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
; for php-fpm, see /etc/php-fpm.d/*conf
;session.save_path = "/tmp"

It means that /var/opt/remi/php72/lib/php/session is only used by the apache user (the default user in the FPM pools of your distribution).

And if you use multiple FPM pools, running with different users, you have to set a different location for each, see php-fpm.d/www.conf:

; Set the following data paths to directories owned by the FPM process user.
;
; Do not change the ownership of existing system directories, if the process
; user does not have write permission, create dedicated directories for this
; purpose.
;
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
;php_value[opcache.file_cache]  = /var/lib/php/opcache