rm -rf cannot delete session files

The problem here is that path name expansion occurs BEFORE the sudo. The path name expansion for ./* doesn't have permission to see the directory contents. Therefore, it would not get expanded to rm -rf ./sess_716a24lf4tsnmfucpq50uf1pk7 ./sess_fkif8ed8k85olh53q9so1cd6s3 ./sess_ov6nrn16gg81i44u9angk3bls6 as supposed – and as it would, if the whole command was run as root.

You can launch a new terminal inside sudo. Try:

sudo sh -c "rm -rf /var/lib/php/sessions/*"

Notice that I used the full path because it's much more safe than a relative path. Once a colleague typed / instead of ./ inside sudo rm -rf. You can imagine what happened: unnecessary restoring task for me... and one user less in the sudoers list.