The webserver handles SSL and non-SSL activities as separate activities from separate sites. This runs the risk of having your session data not available if the filesystem references aren't available from the "other" site.
Granted, if all the files are handled from the same place, the risk is limited.
However, if it's all stored in the database, it's all available regardless of which server it's coming from.
Further, having any security information left in O/S files is a sensitive issue to many.
Also, files are vulnerable to changes made by server administrators related to permissions. If 777 rights were ever prevented by the admin, your site would be down until the session files could be written again.
Both options work, but I recommend the database for almost all cases.
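
As an added example (not part of the original post), this Python sketch audits a file-based session directory for the two file-storage risks mentioned above: session data readable by other local accounts, and a writer that only works because of 777 permissions. The directory, file names and the stand-in web server uid are constructed for the demo.

```python
import os
import stat
import tempfile

def audit_session_dir(path):
    """List risky permissions on a file-based session directory and its files."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append((path, "world-writable without sticky bit (%04o)" % mode))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        fst = os.lstat(full)
        if not stat.S_ISREG(fst.st_mode):
            continue  # skip symlinks, subdirectories, sockets
        fmode = stat.S_IMODE(fst.st_mode)
        if fmode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append((full, "session data open to other local users (%04o)" % fmode))
    return findings

def depends_on_world_write(path, uid, gids):
    """True if this uid/gids can write to path only through the 'other' write bit,
    i.e. sessions stop being written as soon as an admin removes 777."""
    st = os.stat(path)
    if uid == st.st_uid or st.st_gid in gids:
        return False  # owner or group bits decide, not the 'other' bits
    return bool(st.st_mode & stat.S_IWOTH)

def demo():
    """Build a constructed session directory and audit it before and after tightening."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)
        for name, mode in (("sess_constructed_a", 0o644), ("sess_constructed_b", 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed session payload")
            os.chmod(p, mode)
        other_uid = os.stat(d).st_uid + 1   # stand-in for the web server account
        before = (len(audit_session_dir(d)), depends_on_world_write(d, other_uid, set()))
        os.chmod(d, 0o750)                   # the admin removes world access
        after = (len(audit_session_dir(d)), depends_on_world_write(d, other_uid, set()))
        return before, after

if __name__ == "__main__":
    print(demo())
```

A `True` from `depends_on_world_write` means the failure described above is one permission change away; a directory owned by the web server account with mode 0700 avoids both findings.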